ETCD: Add pod/container security context
This updates the etcd chart to include the pod security context on the pod template. It also adds the container security context, which sets the readOnlyRootFilesystem flag to false.
Change-Id: I34a8ab3e850779192491b9b127a82b82f05fa00b
parent
fefd664cd8
commit
f50a0c8d78
|
@ -43,6 +43,7 @@ spec:
|
|||
labels:
|
||||
{{ $labels | indent 8 }}
|
||||
spec:
|
||||
{{ dict "envAll" $envAll "application" "anchor" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
|
||||
hostNetwork: true
|
||||
{{- if .Values.anchor.dns_policy }}
|
||||
dnsPolicy: {{ .Values.anchor.dns_policy }}
|
||||
|
@ -63,6 +64,7 @@ spec:
|
|||
image: {{ .Values.images.tags.etcdctl }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.daemonset_anchor | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
|
||||
{{ dict "envAll" $envAll "application" "anchor" "container" "etcdctl" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
|
||||
command:
|
||||
- /tmp/bin/etcdctl_anchor
|
||||
env:
|
||||
|
|
|
@ -32,12 +32,14 @@ metadata:
|
|||
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" }}
|
||||
{{- dict "envAll" $envAll "podName" .Values.service.name "containerNames" (list "etcd") | include "helm-toolkit.snippets.kubernetes_mandatory_access_control_annotation" | indent 4 }}
|
||||
spec:
|
||||
{{ dict "envAll" $envAll "application" "etcd" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }}
|
||||
hostNetwork: true
|
||||
containers:
|
||||
- name: etcd
|
||||
image: {{ .Values.images.tags.etcd }}
|
||||
imagePullPolicy: {{ .Values.images.pull_policy }}
|
||||
{{ tuple $envAll $envAll.Values.pod.resources.etcd_pod | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
|
||||
{{ dict "envAll" $envAll "application" "etcd" "container" "etcd" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }}
|
||||
env:
|
||||
- name: ETCD_NAME
|
||||
valueFrom:
|
||||
|
|
|
@ -97,6 +97,21 @@ dependencies:
|
|||
jobs:
|
||||
- etcd_backup_job
|
||||
pod:
|
||||
security_context:
|
||||
anchor:
|
||||
pod:
|
||||
runAsUser: 65534
|
||||
container:
|
||||
etcdctl:
|
||||
runAsUser: 0
|
||||
readOnlyRootFilesystem: false
|
||||
etcd:
|
||||
pod:
|
||||
runAsUser: 65534
|
||||
container:
|
||||
etcd:
|
||||
runAsUser: 0
|
||||
readOnlyRootFilesystem: false
|
||||
mounts:
|
||||
daemonset_anchor:
|
||||
daemonset_anchor:
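Review bot: The container-level `runAsUser: 0` under `pod.security_context.anchor.container.etcdctl` and `pod.security_context.etcd.container.etcd` takes precedence over the pod-level `runAsUser: 65534`, so both containers still run as root with a writable root filesystem, and the two templates touched by this commit keep `hostNetwork: true`. As written, the pod-level UID only affects containers that have no override of their own, and none are visible in these hunks. If root and a writable root filesystem are really needed (presumably for host-mounted etcd data or certificates, which the hunks do not show), record the reason in a comment above each `container:` block, for example `# runs as root because <reason>; root filesystem writable because <reason>`. Consider also adding `allowPrivilegeEscalation: false` beside `readOnlyRootFilesystem: false`, assuming the helm-toolkit container security context snippet passes that key through. The `pod:` mapping continues beyond the end of this hunk.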
|
||||
|
|