Implement Security Context for Horizon

Implement container security context for the following Horizon resources: - Horizon server deployment Change-Id: I8202cd011f4c4f73d778c5f0ad2648440e259e5d
2019-03-18 14:44:23 -05:00 · 2019-03-18 14:44:23 -05:00 · b5063695b0
parent 1d0e21e370
commit b5063695b0
2 changed files with 8 additions and 4 deletions
--- a/horizon/templates/deployment.yaml
+++ b/horizon/templates/deployment.yaml
@ -46,8 +46,6 @@ spec:
        configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
        configmap-etc-hash: {{ tuple "configmap-etc.yaml" . | include "helm-toolkit.utils.hash" }}
    spec:
-      securityContext:
-        readOnlyRootFilesystem: true
      serviceAccountName: {{ $serviceAccountName }}
 {{ dict "envAll" $envAll "application" "horizon" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
      affinity:
@ -61,6 +59,7 @@ spec:
        - name: horizon
 {{ tuple $envAll "horizon" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.server | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
+{{ dict "envAll" $envAll "application" "horizon" "container" "horizon" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          securityContext:
            runAsUser: 0
          command:
--- a/horizon/values.yaml
+++ b/horizon/values.yaml
@ -1978,9 +1978,14 @@ dependencies:
          service: local_image_registry

 pod:
-  user:
+  security_context:
    horizon:
-      uid: 42424
+      pod:
+        runAsUser: 42424
+      container:
+        horizon:
+          readOnlyRootFilesystem: true
+          allowPrivilegeEscalation: false
  affinity:
    anti:
      type: