From 2b841200342c2fb2d3d7aaccb4802c18592ca8e0 Mon Sep 17 00:00:00 2001
From: Rahul Khiyani
Date: Tue, 12 Mar 2019 18:35:32 -0400
Subject: [PATCH] Memcached securityContext securityContext with readOnlyRootFilesystem is implemented at container level and leveraged the helm-toolkit snippet
Change-Id: I8b16e9c17154a2bac162f31939b510fcd773126b
---
 memcached/templates/deployment.yaml | 1 +
 .../prometheus/exporter-deployment.yaml | 3 +--
 memcached/values.yaml | 18 ++++++++++++------
 3 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/memcached/templates/deployment.yaml b/memcached/templates/deployment.yaml
index 931da801fe..6962cf7317 100644
--- a/memcached/templates/deployment.yaml
+++ b/memcached/templates/deployment.yaml
@@ -59,6 +59,7 @@ spec:
 - name: memcached
 {{ tuple $envAll "memcached" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "server" "container" "memcached" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 env:
 - name: MEMCACHED_PORT
 value: {{ tuple "oslo_cache" "internal" "memcache" . | include "helm-toolkit.endpoints.endpoint_port_lookup" | quote }}
diff --git a/memcached/templates/monitoring/prometheus/exporter-deployment.yaml b/memcached/templates/monitoring/prometheus/exporter-deployment.yaml
index 33fda3965e..fb12cc1e6d 100644
--- a/memcached/templates/monitoring/prometheus/exporter-deployment.yaml
+++ b/memcached/templates/monitoring/prometheus/exporter-deployment.yaml
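Review bot: The include added to memcached/templates/deployment.yaml carries no comment saying where the container's settings come from, and its only link to values.yaml is the pair of string literals `"server"` and `"memcached"`. The snippet body is not part of this patch, so it presumably renders nothing when that path is absent; a typo in either literal, or an override that replaces the `server` map, would then leave the memcached container without a securityContext and without a render error. A template comment above the line, `{{/* securityContext: .Values.pod.security_context.server.container.memcached */}}`, and a `helm template` check that the rendered container contains `readOnlyRootFilesystem: true` would make the dependency visible. The same applies to the `"memcached_exporter"` include in exporter-deployment.yaml, and the container spec continues outside the hunk.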
@@ -53,8 +53,7 @@ spec:
 image: {{ .Values.images.tags.prometheus_memcached_exporter }}
 imagePullPolicy: {{ .Values.images.pull_policy }}
 {{ tuple $envAll $envAll.Values.pod.resources.prometheus_memcached_exporter | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
- securityContext:
- allowPrivilegeEscalation: false
+{{ dict "envAll" $envAll "application" "memcached_exporter" "container" "memcached_exporter" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
 command:
 - /tmp/memcached-exporter.sh
 - start
diff --git a/memcached/values.yaml b/memcached/values.yaml
index 8dfcf5464d..c601c95fc3 100644
--- a/memcached/values.yaml
+++ b/memcached/values.yaml
@@ -144,14 +144,20 @@ manifests:
 service_exporter: true
 pod:
- user:
+ security_context:
 memcached_exporter:
- uid: 65534
+ pod:
+ runAsUser: 65534
+ container:
+ memcached_exporter:
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
 server:
- uid: 65534
- securityContext:
- server:
- readOnlyRootFilesystem: true
+ pod:
+ runAsUser: 65534
+ container:
+ memcached:
+ readOnlyRootFilesystem: true
 affinity:
 anti:
 topologyKey:
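Review bot: Removing the literal `securityContext:` / `allowPrivilegeEscalation: false` lines from exporter-deployment.yaml means the template itself no longer fixes that setting; it presumably holds only while `pod.security_context.memcached_exporter.container.memcached_exporter` in values.yaml is left intact. A comment next to that key, such as `# keep allowPrivilegeEscalation: false; the template no longer hard-codes it`, would warn anyone overriding the map. The exporter container also picks up `readOnlyRootFilesystem: true` while its command is `/tmp/memcached-exporter.sh`; the volume mounts are outside the hunk, so confirm the script is a mounted file and that the exporter needs no writable path on the root filesystem.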
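Review bot: In memcached/values.yaml the `server.container.memcached` block sets only `readOnlyRootFilesystem: true`, while the exporter container in the same hunk also gets `allowPrivilegeEscalation: false`; the memcached container should carry the same line, `allowPrivilegeEscalation: false`, under `pod.security_context.server.container.memcached`. Separately, `pod.user.*.uid` and `pod.securityContext.server` are renamed with no fallback, so operator override files that still set the old keys will presumably be ignored without any error. A short comment above `security_context:` naming the replaced keys would help operators migrate. Whether the pod-level consumer of `runAsUser` already reads the new path is not visible in this patch and should be confirmed.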