openstack/openstack-helm
Code Issues Proposed changes

Merge "Security: Container user for support openstack services"

Browse Source
This commit is contained in:
Jenkins 2017-08-28 15:02:22 +00:00 committed by Gerrit Code Review
commit 2a08d8cde6
15 changed files with 37 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
glance/templates/deployment-api.yaml
View File

@ -62,6 +62,8 @@ spec:
- name: ceph-keyring-placement - name: ceph-keyring-placement
image: {{ .Values.images.api }} image: {{ .Values.images.api }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
securityContext:
runAsUser: {{ .Values.pod.user.glance.uid }}
command: command:
- /tmp/ceph-keyring.sh - /tmp/ceph-keyring.sh
volumeMounts: volumeMounts:
@ -81,6 +83,8 @@ spec:
image: {{ .Values.images.api }} image: {{ .Values.images.api }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.glance.uid }}
command: command:
- /tmp/glance-api.sh - /tmp/glance-api.sh
- start - start

2
glance/templates/deployment-registry.yaml
View File

@ -47,6 +47,8 @@ spec:
image: {{ .Values.images.registry }} image: {{ .Values.images.registry }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.registry | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.registry | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.glance.uid }}
command: command:
- /tmp/glance-registry.sh - /tmp/glance-registry.sh
- start - start

3
glance/values.yaml
View File

@ -318,6 +318,9 @@ endpoints:
default: 5672 default: 5672
pod: pod:
user:
glance:
uid: 1000
affinity: affinity:
anti: anti:
type: type:

2
heat/templates/deployment-api.yaml
View File

@ -47,6 +47,8 @@ spec:
image: {{ .Values.images.api }} image: {{ .Values.images.api }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.heat.uid }}
command: command:
- /tmp/heat-api.sh - /tmp/heat-api.sh
- start - start

2
heat/templates/deployment-cfn.yaml
View File

@ -47,6 +47,8 @@ spec:
image: {{ .Values.images.cfn }} image: {{ .Values.images.cfn }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.cfn | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.cfn | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.heat.uid }}
command: command:
- /tmp/heat-cfn.sh - /tmp/heat-cfn.sh
- start - start

2
heat/templates/deployment-cloudwatch.yaml
View File

@ -47,6 +47,8 @@ spec:
image: {{ .Values.images.cloudwatch }} image: {{ .Values.images.cloudwatch }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.cloudwatch | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.cloudwatch | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.heat.uid }}
command: command:
- /tmp/heat-cloudwatch.sh - /tmp/heat-cloudwatch.sh
- start - start

2
heat/templates/statefulset-engine.yaml
View File

@ -43,6 +43,8 @@ spec:
image: {{ .Values.images.engine }} image: {{ .Values.images.engine }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.engine | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.engine | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.heat.uid }}
command: command:
- /tmp/heat-engine.sh - /tmp/heat-engine.sh
volumeMounts: volumeMounts:

3
heat/values.yaml
View File

@ -333,6 +333,9 @@ endpoints:
default: 5672 default: 5672
pod: pod:
user:
heat:
uid: 1000
affinity: affinity:
anti: anti:
type: type:

2
magnum/templates/deployment-api.yaml
View File

@ -47,6 +47,8 @@ spec:
image: {{ .Values.images.api }} image: {{ .Values.images.api }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.magnum.uid }}
command: command:
- /tmp/magnum-api.sh - /tmp/magnum-api.sh
- start - start

2
magnum/templates/statefulset-conductor.yaml
View File

@ -43,6 +43,8 @@ spec:
image: {{ .Values.images.conductor }} image: {{ .Values.images.conductor }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.conductor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.magnum.uid }}
command: command:
- /tmp/magnum-conductor.sh - /tmp/magnum-conductor.sh
volumeMounts: volumeMounts:

3
magnum/values.yaml
View File

@ -209,6 +209,9 @@ endpoints:
default: 5672 default: 5672
pod: pod:
user:
magnum:
uid: 1000
affinity: affinity:
anti: anti:
type: type:

3
mistral/values.yaml
View File

@ -240,6 +240,9 @@ conf:
memcache_security_strategy: ENCRYPT memcache_security_strategy: ENCRYPT
pod: pod:
user:
mistral:
uid: 1000
affinity: affinity:
anti: anti:
type: type:

2
senlin/templates/deployment-api.yaml
View File

@ -47,6 +47,8 @@ spec:
image: {{ .Values.images.api }} image: {{ .Values.images.api }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.senlin.uid }}
command: command:
- /tmp/senlin-api.sh - /tmp/senlin-api.sh
- start - start

2
senlin/templates/statefulset-engine.yaml
View File

@ -43,6 +43,8 @@ spec:
image: {{ .Values.images.engine }} image: {{ .Values.images.engine }}
imagePullPolicy: {{ .Values.images.pull_policy }} imagePullPolicy: {{ .Values.images.pull_policy }}
{{ tuple $envAll $envAll.Values.pod.resources.engine | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.engine | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
runAsUser: {{ .Values.pod.user.senlin.uid }}
command: command:
- /tmp/senlin-engine.sh - /tmp/senlin-engine.sh
volumeMounts: volumeMounts:

3
senlin/values.yaml
View File

@ -209,6 +209,9 @@ endpoints:
default: 5672 default: 5672
pod: pod:
user:
senlin:
uid: 1000
affinity: affinity:
anti: anti:
type: type: