Skip to content

Commit

Permalink
fix: nest .Values.seccompProfile.enable and .Values.securityContext.e…
Browse files Browse the repository at this point in the history 
…nabled correctly (#2874)

* fix: set securityContext only in case of opt-in

* fix: nesting of secCompProfile and securityContext
  • Loading branch information
@CarstenSon
CarstenSon authored Jan 29, 2025
1 parent f5d62b0 commit 342916b
Show file tree
Hide file tree
Showing 12 changed files with 14 additions and 10 deletions.
2 changes: 1 addition & 1 deletion helm-chart/templates/adservice.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,11 +55,11 @@ spec:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
{{- end }}
{{- if .Values.seccompProfile.enable }}
seccompProfile:
type: {{ .Values.seccompProfile.type }}
{{- end }}
{{- end }}
containers:
- name: server
securityContext:
Expand Down
2 changes: 1 addition & 1 deletion helm-chart/templates/cartservice.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -237,11 +237,11 @@ spec:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
{{- end }}
{{- if .Values.seccompProfile.enable }}
seccompProfile:
type: {{ .Values.seccompProfile.type }}
{{- end }}
{{- end }}
containers:
- name: redis
securityContext:
Expand Down
2 changes: 1 addition & 1 deletion helm-chart/templates/checkoutservice.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,11 +54,11 @@ spec:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
{{- end }}
{{- if .Values.seccompProfile.enable }}
seccompProfile:
type: {{ .Values.seccompProfile.type }}
{{- end }}
{{- end }}
containers:
- name: server
securityContext:
Expand Down
2 changes: 1 addition & 1 deletion helm-chart/templates/currencyservice.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,11 +55,11 @@ spec:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
{{- end }}
{{- if .Values.seccompProfile.enable }}
seccompProfile:
type: {{ .Values.seccompProfile.type }}
{{- end }}
{{- end }}
containers:
- name: server
securityContext:
Expand Down
2 changes: 1 addition & 1 deletion helm-chart/templates/emailservice.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,11 +55,11 @@ spec:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
{{- end }}
{{- if .Values.seccompProfile.enable }}
seccompProfile:
type: {{ .Values.seccompProfile.type }}
{{- end }}
{{- end }}
containers:
- name: server
securityContext:
Expand Down
2 changes: 1 addition & 1 deletion helm-chart/templates/frontend.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,11 +56,11 @@ spec:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
{{- end }}
{{- if .Values.seccompProfile.enable }}
seccompProfile:
type: {{ .Values.seccompProfile.type }}
{{- end }}
{{- end }}
containers:
- name: server
securityContext:
Expand Down
2 changes: 1 addition & 1 deletion helm-chart/templates/loadgenerator.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -59,11 +59,11 @@ spec:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
{{- end }}
{{- if .Values.seccompProfile.enable }}
seccompProfile:
type: {{ .Values.seccompProfile.type }}
{{- end }}
{{- end }}
{{- if .Values.loadGenerator.checkFrontendInitContainer }}
initContainers:
- command:
Expand Down
2 changes: 2 additions & 0 deletions helm-chart/templates/opentelemetry-collector.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -47,6 +47,7 @@ spec:
{{- else }}
serviceAccountName: default
{{- end }}
{{- if .Values.securityContext.enable }}
securityContext:
fsGroup: 1000
runAsGroup: 1000
Expand All @@ -56,6 +57,7 @@ spec:
seccompProfile:
type: {{ .Values.seccompProfile.type }}
{{- end }}
{{- end }}
{{- if eq .Values.opentelemetryCollector.projectId "PROJECT_ID" }}
initContainers:
# Init container retrieves the current cloud project id from the metadata server
Expand Down
2 changes: 2 additions & 0 deletions helm-chart/templates/paymentservice.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,6 +49,7 @@ spec:
serviceAccountName: default
{{- end }}
terminationGracePeriodSeconds: 5
{{- if .Values.securityContext.enable }}
securityContext:
fsGroup: 1000
runAsGroup: 1000
Expand All @@ -58,6 +59,7 @@ spec:
seccompProfile:
type: {{ .Values.seccompProfile.type }}
{{- end }}
{{- end }}
containers:
- name: server
securityContext:
Expand Down
2 changes: 1 addition & 1 deletion helm-chart/templates/productcatalogservice.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,11 +55,11 @@ spec:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
{{- end }}
{{- if .Values.seccompProfile.enable }}
seccompProfile:
type: {{ .Values.seccompProfile.type }}
{{- end }}
{{- end }}
containers:
- name: server
securityContext:
Expand Down
2 changes: 1 addition & 1 deletion helm-chart/templates/recommendationservice.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -55,12 +55,12 @@ spec:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
{{- end }}
{{- if .Values.seccompProfile.enable }}
seccompProfile:
type: {{ .Values.seccompProfile.type }}
{{- end }}
containers:
{{- end }}
- name: server
securityContext:
allowPrivilegeEscalation: false
Expand Down
2 changes: 1 addition & 1 deletion helm-chart/templates/shippingservice.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -54,11 +54,11 @@ spec:
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
{{- end }}
{{- if .Values.seccompProfile.enable }}
seccompProfile:
type: {{ .Values.seccompProfile.type }}
{{- end }}
{{- end }}
containers:
- name: server
securityContext:
Expand Down

0 comments on commit 342916b

Please sign in to comment.