Add runAsGroup in SecurityContext (helm#101) (helm#21174)
Signed-off-by: devOpsHelm <devops+1@hazelcast.com>
devOpsHelm authored and Ian Levesque committed Jul 13, 2020
1 parent bf80144 commit 1c071f4
Showing 7 changed files with 12 additions and 1 deletion.
2 changes: 1 addition & 1 deletion stable/hazelcast-jet/Chart.yaml
Expand Up @@ -4,7 +4,7 @@ tillerVersion: ">=2.7.2"
kubeVersion: ">=1.9.0-0"
description: Hazelcast Jet is an application embeddable, distributed computing engine built on top of Hazelcast In-Memory Data Grid (IMDG). With Hazelcast IMDG providing storage functionality, Hazelcast Jet performs parallel execution to enable data-intensive applications to operate in near real-time.
name: hazelcast-jet
version: 1.3.1
version: 1.3.2
keywords:
- hazelcast
- jet
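Review bot: The context line `kubeVersion: ">=1.9.0-0"` stays unchanged, yet the template hunks in this commit render `runAsGroup` whenever `securityContext.enabled` is true. `runAsGroup` entered the Kubernetes API after 1.9 (alpha in 1.10, behind the RunAsGroup feature gate), so the chart still advertises support for clusters that cannot honour the new field. Either raise the `kubeVersion` floor in this file or make the templates render the field conditionally.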
3 changes: 3 additions & 0 deletions stable/hazelcast-jet/README.adoc
Expand Up @@ -167,6 +167,9 @@ Hazelcast Jet Management Center |`+true+`
|`+securityContext.runAsUser+` |User ID used to run the Hazelcast Jet and
Hazelcast Jet Management Center containers |`+1001+`

| `securityContext.runAsGroup` |Primary Group ID used to run all processes in the
Hazelcast Jet and Hazelcast Jet Management Center containers | `+65534+`

|`+securityContext.fsGroup+` |Group ID associated with the Hazelcast Jet and
Hazelcast Jet Management Center container |`+1001+`

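Review bot: The new table row documents the default of `securityContext.runAsGroup` as `65534`, but the values.yaml hunk in this same commit sets `runAsGroup: 1001`, and the test pods also use 1001. The README and the shipped default disagree; if 1001 is the intended default, change the cell to `+1001+`. The row's markup also differs from its neighbours: the key is written without the `+...+` passthrough and with a space after each `|`, unlike the `securityContext.runAsUser` and `securityContext.fsGroup` rows around it.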
Expand Up @@ -39,6 +39,7 @@ spec:
{{- if .Values.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
runAsGroup: {{ .Values.securityContext.runAsGroup }}
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- end }}
containers:
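Review bot: `runAsGroup: {{ .Values.securityContext.runAsGroup }}` is rendered unconditionally inside the `securityContext.enabled` block, so a values set that lacks the key (for example, values carried over from a release installed with the previous chart version) yields `runAsGroup:` with no value rather than omitting the field. Guard the line, e.g. `{{- if hasKey .Values.securityContext "runAsGroup" }}`, which also lets operators leave the primary GID to the image default. The identical line added in statefulset.yaml needs the same guard.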
1 change: 1 addition & 0 deletions stable/hazelcast-jet/templates/statefulset.yaml
Expand Up @@ -88,6 +88,7 @@ spec:
{{- if .Values.securityContext.enabled }}
securityContext:
runAsUser: {{ .Values.securityContext.runAsUser }}
runAsGroup: {{ .Values.securityContext.runAsGroup }}
fsGroup: {{ .Values.securityContext.fsGroup }}
{{- end }}
volumes:
2 changes: 2 additions & 0 deletions stable/hazelcast-jet/templates/tests/test-hazelcast-jet.yaml
Expand Up @@ -19,6 +19,7 @@ spec:
securityContext:
runAsNonRoot: true
runAsUser: 1001
runAsGroup: 1001
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 4 }}
Expand All @@ -38,6 +39,7 @@ spec:
securityContext:
runAsNonRoot: true
runAsUser: 1001
runAsGroup: 1001
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
Expand Up @@ -19,6 +19,7 @@ spec:
securityContext:
runAsNonRoot: true
runAsUser: 1001
runAsGroup: 1001
{{- if .Values.nodeSelector }}
nodeSelector:
{{ toYaml .Values.nodeSelector | indent 4 }}
Expand All @@ -37,6 +38,7 @@ spec:
securityContext:
runAsNonRoot: true
runAsUser: 1001
runAsGroup: 1001
privileged: false
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
2 changes: 2 additions & 0 deletions stable/hazelcast-jet/values.yaml
Expand Up @@ -157,6 +157,8 @@ securityContext:
enabled: true
# runAsUser is the user ID used to run the container
runAsUser: 1001
# runAsGroup is the primary group ID used to run all processes within any container of the pod
runAsGroup: 1001
# fsGroup is the group ID associated with the container
fsGroup: 1001
