Add missing security context template to promenade init container

This change adds security context template at container level to implement readOnly-fs flag Change-Id: Iab814a3dd5a9bc46251939d6335af6aab21e5eb5
2020-08-05 13:23:33 -05:00 · 2020-08-05 13:23:33 -05:00 · 4eb069dd88
parent fffb57109d
commit 4eb069dd88
2 changed files with 4 additions and 0 deletions
--- a/charts/promenade/templates/deployment-api.yaml
+++ b/charts/promenade/templates/deployment-api.yaml
@ -52,6 +52,7 @@ spec:
      terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }}
      initContainers:
      - name: promenade-util
+{{ dict "envAll" $envAll "application" "promenade" "container" "promenade_util" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 8 }}
        command:
 {{- if $mounts_promenade_api.volumeMounts }}
          - "cp"
--- a/charts/promenade/values.yaml
+++ b/charts/promenade/values.yaml
@ -179,6 +179,9 @@ pod:
      pod:
        runAsUser: 65534
      container:
+        promenade_util:
+          readOnlyRootFilesystem: true
+          allowPrivilegeEscalation: false
        promenade_api:
          readOnlyRootFilesystem: true
          allowPrivilegeEscalation: false