openstack/openstack-helm
Code Issues Proposed changes

Merge "Security: Add Pod user to missed services"

Browse Source
This commit is contained in:
Jenkins
2017-08-29 11:25:46 +00:00
committed by Gerrit Code Review
parent ceb30e8cc7 46f9dea2c8
commit 774c34176d
6 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
barbican/templates/deployment-api.yaml
View File

@@ -46,6 +46,8 @@ spec:
image: {{ .Values.images.api }} image: {{ .Values.images.api }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.barbican.uid }}
command: command:
- /tmp/barbican.sh - /tmp/barbican.sh
- start - start

3
barbican/values.yaml
View File

@@ -29,6 +29,9 @@ images:
pull_policy: "IfNotPresent" pull_policy: "IfNotPresent"
pod: pod:
user:
barbican:
uid: 1000
affinity: affinity:
anti: anti:
type: type:

2
mistral/templates/deployment-api.yaml
View File

@@ -47,6 +47,8 @@ spec:
image: {{ .Values.images.api }} image: {{ .Values.images.api }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.mistral.uid }}
command: command:
- /tmp/mistral-api.sh - /tmp/mistral-api.sh
- start - start

2
mistral/templates/deployment-executor.yaml
View File

@@ -46,6 +46,8 @@ spec:
image: {{ .Values.images.executor }} image: {{ .Values.images.executor }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.executor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.executor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.mistral.uid }}
command: command:
- /tmp/mistral-executor.sh - /tmp/mistral-executor.sh
volumeMounts: volumeMounts:

2
mistral/templates/statefulset-engine.yaml
View File

@@ -41,6 +41,8 @@ spec:
image: {{ .Values.images.engine }} image: {{ .Values.images.engine }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.engine | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.engine | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.mistral.uid }}
command: command:
- /tmp/mistral-engine.sh - /tmp/mistral-engine.sh
volumeMounts: volumeMounts:

2
mistral/templates/statefulset-event-engine.yaml
View File

@@ -43,6 +43,8 @@ spec:
image: {{ .Values.images.event_engine }} image: {{ .Values.images.event_engine }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.event_engine | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.event_engine | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.mistral.uid }}
command: command:
- /tmp/mistral-event-engine.sh - /tmp/mistral-event-engine.sh
volumeMounts: volumeMounts: