Security: Add Pod user to missed services
This PS adds the pod user to missed services, which is required for fully agnosic image operation. Change-Id: I09c481f90b5e6a478e699ebaae51a2316ceb6a8d
This commit is contained in:
Pete Birley
parent
10591db58c
commit
46f9dea2c8
@ -46,6 +46,8 @@ spec:
|
|||||||
image: {{ .Values.images.api }}
|
image: {{ .Values.images.api }}
|
||||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
runAsUser: {{ .Values.pod.user.barbican.uid }}
|
||||||
command:
|
command:
|
||||||
- /tmp/barbican.sh
|
- /tmp/barbican.sh
|
||||||
- start
|
- start
|
||||||
|
|||||||
@ -29,6 +29,9 @@ images:
|
|||||||
pull_policy: "IfNotPresent"
|
pull_policy: "IfNotPresent"
|
||||||
|
|
||||||
pod:
|
pod:
|
||||||
|
user:
|
||||||
|
barbican:
|
||||||
|
uid: 1000
|
||||||
affinity:
|
affinity:
|
||||||
anti:
|
anti:
|
||||||
type:
|
type:
|
||||||
|
|||||||
@ -47,6 +47,8 @@ spec:
|
|||||||
image: {{ .Values.images.api }}
|
image: {{ .Values.images.api }}
|
||||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
runAsUser: {{ .Values.pod.user.mistral.uid }}
|
||||||
command:
|
command:
|
||||||
- /tmp/mistral-api.sh
|
- /tmp/mistral-api.sh
|
||||||
- start
|
- start
|
||||||
|
|||||||
@ -46,6 +46,8 @@ spec:
|
|||||||
image: {{ .Values.images.executor }}
|
image: {{ .Values.images.executor }}
|
||||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.executor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.executor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
runAsUser: {{ .Values.pod.user.mistral.uid }}
|
||||||
command:
|
command:
|
||||||
- /tmp/mistral-executor.sh
|
- /tmp/mistral-executor.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
|||||||
@ -41,6 +41,8 @@ spec:
|
|||||||
image: {{ .Values.images.engine }}
|
image: {{ .Values.images.engine }}
|
||||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.engine | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.engine | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
runAsUser: {{ .Values.pod.user.mistral.uid }}
|
||||||
command:
|
command:
|
||||||
- /tmp/mistral-engine.sh
|
- /tmp/mistral-engine.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
|||||||
@ -43,6 +43,8 @@ spec:
|
|||||||
image: {{ .Values.images.event_engine }}
|
image: {{ .Values.images.event_engine }}
|
||||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||||
{{ tuple $envAll $envAll.Values.pod.resources.event_engine | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
{{ tuple $envAll $envAll.Values.pod.resources.event_engine | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||||
|
securityContext:
|
||||||
|
runAsUser: {{ .Values.pod.user.mistral.uid }}
|
||||||
command:
|
command:
|
||||||
- /tmp/mistral-event-engine.sh
|
- /tmp/mistral-event-engine.sh
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user