From c57391366a73529bcac0635511489b91ebe71b4a Mon Sep 17 00:00:00 2001
From: PrateekDodda <pd2839@att.com>
Date: Fri, 28 Aug 2020 22:02:09 -0500
Subject: [PATCH] Implement missing security context template for deployment
 server

This change adds the security context template at the pod/container level.

Change-Id: I2180cdf934ce21bc5ae7148f2830d1a8683e82db
---
 neutron/templates/deployment-ironic-agent.yaml | 2 +-
 neutron/values.yaml                            | 7 +++++++
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/neutron/templates/deployment-ironic-agent.yaml b/neutron/templates/deployment-ironic-agent.yaml
index 873cc27a79..3fb0f1d65a 100644
--- a/neutron/templates/deployment-ironic-agent.yaml
+++ b/neutron/templates/deployment-ironic-agent.yaml
@@ -60,7 +60,7 @@ spec:
         - name: neutron-ironic-agent
 {{ tuple $envAll "neutron_ironic_agent" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.ironic_agent | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-{{ dict "envAll" $envAll "application" "neutron" "container" "neutron_ironic_agent" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
+{{ dict "envAll" $envAll "application" "neutron_ironic_agent" "container" "neutron_ironic_agent" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
           command:
             - /tmp/neutron-ironic-agent.sh
             - start
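Review bot: The lookup key for the container security context moves from `neutron` to `neutron_ironic_agent` with no compatibility path, so an operator override kept under `pod.security_context.neutron.container.neutron_ironic_agent` would stop being applied after an upgrade. If the helm-toolkit snippet renders nothing for a missing key (worth confirming, since the snippet is not part of this diff), the container would start without its hardening settings and without any error. A release note naming the new key would cover this, and a comment above the include, e.g. `{{/* values: pod.security_context.neutron_ironic_agent.container.neutron_ironic_agent */}}`, would keep the template and values.yaml in step. The container spec continues outside the hunk.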
diff --git a/neutron/values.yaml b/neutron/values.yaml
index 78c6d4ee78..d859d67e3c 100644
--- a/neutron/values.yaml
+++ b/neutron/values.yaml
@@ -520,6 +520,9 @@ pod:
         neutron_server:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
+        neutron_rpc_server:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
     neutron_sriov_agent:
       pod:
         runAsUser: 42424
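Review bot: The new `neutron_rpc_server` entry is only read if a template calls the container security-context snippet with `"container" "neutron_rpc_server"` and the application key this block sits under, and the diffstat shows no template change that would do so, so the entry may be unused. The enclosing application key is above the hunk, so which one it is cannot be told from here. Please confirm by rendering the chart with `helm template` and checking that the rpc server container carries `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true`. If no template references the key, the matching include belongs in this same change.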
@@ -534,6 +537,10 @@ pod:
     neutron_ironic_agent:
       pod:
         runAsUser: 42424
+      container:
+        neutron_ironic_agent:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
     neutron_netns_cleanup_cron:
       pod:
         runAsUser: 42424
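Review bot: `readOnlyRootFilesystem: true` for `neutron_ironic_agent` appears to take effect for the first time with this change (the template now looks under this key), and nothing in the diff shows that the paths the agent writes to are backed by volumes. The deployment's volumeMounts are outside the visible hunks; if the agent writes state, lock or temporary files to the root filesystem, the container will fail at start or later at runtime. Worth confirming against a running pod, and documenting the dependency here with a comment such as `# readOnlyRootFilesystem: every path the agent writes must be a mounted volume`.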