From 1700ab946fe53bed359b33e952f1cdcfd28756c8 Mon Sep 17 00:00:00 2001
From: Brendan Dalpe
Date: Thu, 13 Jul 2023 22:12:13 -0500
Subject: [PATCH] Update securityContext for workergroup template
---
 .../logstream-workergroup/templates/_pod.tpl | 27 ++++++++++++-------
 .../tests/fixtures/securityContext.yaml | 7 +++++
 2 files changed, 25 insertions(+), 9 deletions(-)
 create mode 100644 helm-chart-sources/logstream-workergroup/tests/fixtures/securityContext.yaml
diff --git a/helm-chart-sources/logstream-workergroup/templates/_pod.tpl b/helm-chart-sources/logstream-workergroup/templates/_pod.tpl
index 1cfb49f..42889f1 100644
--- a/helm-chart-sources/logstream-workergroup/templates/_pod.tpl
+++ b/helm-chart-sources/logstream-workergroup/templates/_pod.tpl
@@ -14,20 +14,29 @@ initContainers:
 {{- if .Values.config.hostNetwork }}
 hostNetwork: true
 {{- end }}
+{{- if .Values.podSecurityContext }}
+securityContext:
+{{- range $key, $value := .Values.podSecurityContext }}
+{{- if or (eq $key "runAsUser") (eq $key "runAsGroup") (eq $key "fsGroup")}}
+ {{ $key }}: {{ $value | int }}
+{{- else }}
+ {{ $key }}: {{ $value | int }}
+{{- end }}
+{{- end }}
+{{- end }}
 containers:
 - name: {{ .Chart.Name }}
 image: "{{ .Values.criblImage.repository }}:{{ .Values.criblImage.tag | default .Chart.AppVersion }}"
 imagePullPolicy: {{ .Values.criblImage.pullPolicy }}
 {{- if .Values.securityContext }}
- command:
- bash
- -c
- |
- set -x
- apt update; apt-get install -y gosu
- useradd -d /opt/cribl -g "{{- .Values.securityContext.runAsGroup }}" -u "{{- .Values.securityContext.runAsUser }}" cribl
- chown -R "{{- .Values.securityContext.runAsUser }}:{{- .Values.securityContext.runAsGroup }}" /opt/cribl
- gosu "{{- .Values.securityContext.runAsUser }}:{{- .Values.securityContext.runAsGroup }}" /sbin/entrypoint.sh cribl
+ securityContext:
+ {{- range $key, $value := .Values.securityContext }}
+ {{- if or (eq $key "runAsUser") (eq $key "runAsGroup") (eq $key "fsGroup")}}
+ {{ $key }}: {{ $value | int }}
+ {{- else }}
+ {{ $key }}: {{ $value | int }}
+ {{- end }}
+ {{- end }}
 {{- end }}
 {{- if .Values.config.probes }}
 {{- with .Values.config.livenessProbe }}
diff --git a/helm-chart-sources/logstream-workergroup/tests/fixtures/securityContext.yaml b/helm-chart-sources/logstream-workergroup/tests/fixtures/securityContext.yaml
new file mode 100644
index 0000000..cf5efad
--- /dev/null
+++ b/helm-chart-sources/logstream-workergroup/tests/fixtures/securityContext.yaml
@@ -0,0 +1,7 @@
+securityContext:
+ runAsUser: 1000620000
+ runAsGroup: 1000620000
+
+podSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
\ No newline at end of file
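Review bot: Both arms of the added `if or (eq $key "runAsUser") ...` test emit the same line, `{{ $key }}: {{ $value | int }}`, in the pod-level block and again in the container-level block, so every key is coerced to an integer rather than only the three ID fields. Hardening fields such as `runAsNonRoot`, `allowPrivilegeEscalation`, `readOnlyRootFilesystem` or a `capabilities` map would then render as `1` or `0` and presumably be rejected by the API server, which leaves operators unable to set them through these values. The `else` arm should pass the value through with its type intact, for example `{{ $key }}: {{ toYaml $value | nindent 2 }}` with the indent adjusted to each block's depth. `fsGroup` is a pod-level field only, so it can be dropped from the container-level condition. The removed startup script also ran `chown -R` on /opt/cribl; whether the image's files are writable by an arbitrary `runAsUser` is not visible in this hunk and is worth confirming.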
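Review bot: The fixture sets only `runAsUser` and `runAsGroup`, so the template path taken by every other securityContext key is never rendered by whatever test loads this file. Adding non-ID fields, for example `runAsNonRoot: true` and `allowPrivilegeEscalation: false` under `securityContext:`, would let the test show whether boolean values survive rendering with their type intact. An `fsGroup` entry under `podSecurityContext:` would cover the third key the template names.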