Barbican: Add security context to chart and read-only-fs
This PS adds the security context macros to the barbican chart, and sets the default to read-only-rootfs Change-Id: I2dad0a50b23f2d202d6cd89b96d308321001fbe9
This commit is contained in:
parent
d0b135cd77
commit
5ad45700f4
@ -46,6 +46,7 @@ spec:
|
||||
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
|
||||
spec:
|
||||
{{ dict "envAll" $envAll "application" "barbican" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
||||
serviceAccountName: {{ $serviceAccountName }}
|
||||
affinity:
|
||||
{{ tuple $envAll "barbican" "api" | include "helm-toolkit.snippets.kubernetes_pod_anti_affinity" | indent 8 }}
|
||||
@ -57,8 +58,7 @@ spec:
|
||||
- name: barbican-api
|
||||
{{ tuple $envAll "barbican_api" | include "helm-toolkit.snippets.image" | indent 10 }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
securityContext:
|
||||
runAsUser: {{ .Values.pod.user.barbican.uid }}
|
||||
{{ dict "envAll" $envAll "application" "barbican" "container" "barbican_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||
command:
|
||||
- /tmp/barbican.sh
|
||||
- start
|
||||
|
@ -50,9 +50,14 @@ images:
|
||||
- image_repo_sync
|
||||
|
||||
pod:
|
||||
user:
|
||||
security_context:
|
||||
barbican:
|
||||
uid: 42424
|
||||
pod:
|
||||
runAsUser: 42424
|
||||
container:
|
||||
barbican_api:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
affinity:
|
||||
anti:
|
||||
type:
|
||||
|
Loading…
x
Reference in New Issue
Block a user