Merge "Implement Security Context for Keystone"

This commit is contained in:
Zuul 2019-03-22 21:32:30 +00:00 committed by Gerrit Code Review
commit d40d2d084d
2 changed files with 8 additions and 6 deletions

View File

@ -46,8 +46,6 @@ spec:
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
spec:
securityContext:
readOnlyRootFilesystem: true
{{ dict "envAll" $envAll "application" "keystone" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
serviceAccountName: {{ $serviceAccountName }}
affinity:
@ -61,8 +59,7 @@ spec:
- name: keystone-api
{{ tuple $envAll "keystone_api" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.api | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext:
allowPrivilegeEscalation: false
{{ dict "envAll" $envAll "application" "keystone" "container" "keystone_api" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
command:
- /tmp/keystone-api.sh
- start

View File

@ -152,9 +152,14 @@ dependencies:
service: local_image_registry
pod:
user:
security_context:
keystone:
uid: 42424
pod:
runAsUser: 42424
container:
keystone_api:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
affinity:
anti:
type: