From 4eb069dd88a3678977182c6ad4cfbedd6293296c Mon Sep 17 00:00:00 2001
From: "KHIYANI, RAHUL (rk0850)"
Date: Wed, 5 Aug 2020 13:23:33 -0500
Subject: [PATCH] Add missing security context template to promenade init container

This change adds security context template at container level to implement readOnly-fs flag

Change-Id: Iab814a3dd5a9bc46251939d6335af6aab21e5eb5
---
 charts/promenade/templates/deployment-api.yaml | 1 +
 charts/promenade/values.yaml | 3 +++
 2 files changed, 4 insertions(+)

diff --git a/charts/promenade/templates/deployment-api.yaml b/charts/promenade/templates/deployment-api.yaml
index 2b98576e..c67bf3d9 100644
--- a/charts/promenade/templates/deployment-api.yaml
+++ b/charts/promenade/templates/deployment-api.yaml
@@ -52,6 +52,7 @@ spec:
 terminationGracePeriodSeconds: {{ .Values.pod.lifecycle.termination_grace_period.api.timeout | default "30" }}
 initContainers:
 - name: promenade-util
+{{ dict "envAll" $envAll "application" "promenade" "container" "promenade_util" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 8 }}
 command:
 {{- if $mounts_promenade_api.volumeMounts }}
 - "cp"
diff --git a/charts/promenade/values.yaml b/charts/promenade/values.yaml
index 6b0d3818..d82692f7 100644
--- a/charts/promenade/values.yaml
+++ b/charts/promenade/values.yaml
@@ -179,6 +179,9 @@ pod:
 pod:
 runAsUser: 65534
 container:
+ promenade_util:
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
 promenade_api:
 readOnlyRootFilesystem: true
 allowPrivilegeEscalation: false
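Review bot: The added include in `deployment-api.yaml` applies the `promenade_util` security context, which this commit sets to `readOnlyRootFilesystem: true`, to an init container whose `command` starts with `cp`, so the copy destination has to be on a mounted writable volume or the init container will fail at start. The destination arguments and the rest of the `{{- if $mounts_promenade_api.volumeMounts }}` branch lie outside this hunk, so check them against the container's `volumeMounts`. The original indentation of the context lines is not visible here, so also confirm that `indent 8` puts `securityContext:` in the same column as `command:`. A template comment above the include would record the dependency, e.g. `{{/* promenade-util runs with a read-only root fs; cp must target a mounted volume */}}`.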
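Review bot: The new `promenade_util` key under `container:` in `values.yaml` is coupled by name to the `"container" "promenade_util"` argument in `deployment-api.yaml`, and nothing in the values file says so. If the two drift apart, the helm-toolkit snippet will presumably render no `securityContext` for the init container rather than fail, which would silently drop the hardening. A comment on the key would make the coupling explicit, e.g. `# key must match the "container" argument passed to kubernetes_container_security_context in templates/deployment-api.yaml`. Rendering the chart with `helm template` and checking that both containers carry `readOnlyRootFilesystem: true` and `allowPrivilegeEscalation: false` would catch such a mismatch in review.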