Security: Add Pod user to missed services

This PS adds the pod user to missed services, which is required
for fully agnosic image operation.

Change-Id: I09c481f90b5e6a478e699ebaae51a2316ceb6a8d
This commit is contained in:
Pete Birley 2017-08-28 20:18:38 -05:00
parent 10591db58c
commit 46f9dea2c8
6 changed files with 13 additions and 0 deletions

View File

@ -46,6 +46,8 @@ spec:
image: {{ .Values.images.api }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.barbican.uid }}
command:
- /tmp/barbican.sh
- start

View File

@ -29,6 +29,9 @@ images:
pull_policy: "IfNotPresent"
pod:
user:
barbican:
uid: 1000
affinity:
anti:
type:

View File

@ -47,6 +47,8 @@ spec:
image: {{ .Values.images.api }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.mistral.uid }}
command:
- /tmp/mistral-api.sh
- start

View File

@ -46,6 +46,8 @@ spec:
image: {{ .Values.images.executor }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.executor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.mistral.uid }}
command:
- /tmp/mistral-executor.sh
volumeMounts:

View File

@ -41,6 +41,8 @@ spec:
image: {{ .Values.images.engine }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.engine | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.mistral.uid }}
command:
- /tmp/mistral-engine.sh
volumeMounts:

View File

@ -43,6 +43,8 @@ spec:
image: {{ .Values.images.event_engine }}
imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.event_engine | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.mistral.uid }}
command:
- /tmp/mistral-event-engine.sh
volumeMounts: