From b4d0793b988953dfde5a2aaae790bbaea4153f06 Mon Sep 17 00:00:00 2001 From: "KHIYANI, RAHUL (rk0850)" Date: Wed, 21 Oct 2020 10:27:18 -0500 Subject: [PATCH] Add pod/contianer security context template to create_db.yaml This enables the runAsUser and ReadOnly-fs flags overridden in values.yaml Change-Id: I2e5cbd57f90ef1f5c09b7a54cd04d92dcfd8edc5 --- alerta/Chart.yaml | 2 +- alerta/templates/create_db.yaml | 2 ++ alerta/values.yaml | 2 +- 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/alerta/Chart.yaml b/alerta/Chart.yaml index c76c96058..4d0556cd1 100644 --- a/alerta/Chart.yaml +++ b/alerta/Chart.yaml @@ -15,7 +15,7 @@ apiVersion: v1 appVersion: v8.0.2 description: OpenStack-Helm Alerta for Alertmanager. name: alerta -version: 0.1.4 +version: 0.1.5 home: https://github.com/alerta/alerta sources: - https://github.com/alerta/alerta diff --git a/alerta/templates/create_db.yaml b/alerta/templates/create_db.yaml index 85d95e595..08ddb647a 100644 --- a/alerta/templates/create_db.yaml +++ b/alerta/templates/create_db.yaml @@ -22,10 +22,12 @@ kind: Pod metadata: name: alerta-create-db spec: +{{ dict "envAll" $envAll "application" "alerta_create_db" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 2 }} restartPolicy: Never containers: - name: alerta-create-db {{ tuple $envAll "alerta_create_db" | include "helm-toolkit.snippets.image" | indent 4 }} +{{ dict "envAll" $envAll "application" "alerta_create_db" "container" "alerta_create_db" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 4 }} env: - name: DB_FQDN valueFrom: diff --git a/alerta/values.yaml b/alerta/values.yaml index b0d7b13c4..70956711d 100644 --- a/alerta/values.yaml +++ b/alerta/values.yaml @@ -69,7 +69,7 @@ pod: pod: runAsUser: 65534 container: - postgresql_create_db: + alerta_create_db: readOnlyRootFilesystem: true allowPrivilegeEscalation: false server: