Security: Add Pod user to missed services
This PS adds the pod user to missed services, which is required for fully agnosic image operation. Change-Id: I09c481f90b5e6a478e699ebaae51a2316ceb6a8d
This commit is contained in:
parent
10591db58c
commit
46f9dea2c8
@ -46,6 +46,8 @@ spec:
|
||||
image: {{ .Values.images.api }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
runAsUser: {{ .Values.pod.user.barbican.uid }}
|
||||
command:
|
||||
- /tmp/barbican.sh
|
||||
- start
|
||||
|
@ -29,6 +29,9 @@ images:
|
||||
pull_policy: "IfNotPresent"
|
||||
|
||||
pod:
|
||||
user:
|
||||
barbican:
|
||||
uid: 1000
|
||||
affinity:
|
||||
anti:
|
||||
type:
|
||||
|
@ -47,6 +47,8 @@ spec:
|
||||
image: {{ .Values.images.api }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
runAsUser: {{ .Values.pod.user.mistral.uid }}
|
||||
command:
|
||||
- /tmp/mistral-api.sh
|
||||
- start
|
||||
|
@ -46,6 +46,8 @@ spec:
|
||||
image: {{ .Values.images.executor }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.executor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
runAsUser: {{ .Values.pod.user.mistral.uid }}
|
||||
command:
|
||||
- /tmp/mistral-executor.sh
|
||||
volumeMounts:
|
||||
|
@ -41,6 +41,8 @@ spec:
|
||||
image: {{ .Values.images.engine }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.engine | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
runAsUser: {{ .Values.pod.user.mistral.uid }}
|
||||
command:
|
||||
- /tmp/mistral-engine.sh
|
||||
volumeMounts:
|
||||
|
@ -43,6 +43,8 @@ spec:
|
||||
image: {{ .Values.images.event_engine }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.event_engine | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
runAsUser: {{ .Values.pod.user.mistral.uid }}
|
||||
command:
|
||||
- /tmp/mistral-event-engine.sh
|
||||
volumeMounts:
|
||||
|
Loading…
Reference in New Issue
Block a user