From f64582c1737fc85452c85a0d8b813554da1c49b8 Mon Sep 17 00:00:00 2001 From: rjshrjndrn Date: Thu, 3 Nov 2022 04:00:12 +0100 Subject: [PATCH] chore(helm): Adding security context to pods --- .../helmcharts/openreplay/charts/alerts/values.yaml | 12 ++++++++++-- .../helmcharts/openreplay/charts/assets/values.yaml | 12 ++++++++++-- .../helmcharts/openreplay/charts/assist/values.yaml | 12 ++++++++++-- .../helmcharts/openreplay/charts/chalice/values.yaml | 12 ++++++++++-- scripts/helmcharts/openreplay/charts/db/values.yaml | 12 ++++++++++-- .../helmcharts/openreplay/charts/ender/values.yaml | 12 ++++++++++-- .../openreplay/charts/frontend/values.yaml | 12 ++++++++++-- .../openreplay/charts/heuristics/values.yaml | 12 ++++++++++-- .../helmcharts/openreplay/charts/http/values.yaml | 12 ++++++++++-- .../openreplay/charts/integrations/values.yaml | 12 ++++++++++-- .../helmcharts/openreplay/charts/peers/values.yaml | 12 ++++++++++-- .../openreplay/charts/quickwit/values.yaml | 12 ++++++++++-- .../helmcharts/openreplay/charts/sink/values.yaml | 6 ++++-- .../openreplay/charts/sourcemapreader/values.yaml | 12 ++++++++++-- .../helmcharts/openreplay/charts/storage/values.yaml | 6 ++++-- .../openreplay/charts/utilities/values.yaml | 10 ++++++++++ scripts/helmcharts/openreplay/values.yaml | 12 ++++++++++-- 17 files changed, 158 insertions(+), 32 deletions(-) diff --git a/scripts/helmcharts/openreplay/charts/alerts/values.yaml b/scripts/helmcharts/openreplay/charts/alerts/values.yaml index 6562c3a46..a27fc9117 100644 --- a/scripts/helmcharts/openreplay/charts/alerts/values.yaml +++ b/scripts/helmcharts/openreplay/charts/alerts/values.yaml @@ -25,10 +25,18 @@ serviceAccount: podAnnotations: {} -podSecurityContext: {} +securityContext: + runAsUser: 1001 + runAsGroup: 1001 +podSecurityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + fsGroupChangePolicy: "OnRootMismatch" +# podSecurityContext: {} # fsGroup: 2000 -securityContext: {} +# securityContext: {} # capabilities: # drop: # - ALL diff --git a/scripts/helmcharts/openreplay/charts/assets/values.yaml b/scripts/helmcharts/openreplay/charts/assets/values.yaml index 2597ed36c..f750695b7 100644 --- a/scripts/helmcharts/openreplay/charts/assets/values.yaml +++ b/scripts/helmcharts/openreplay/charts/assets/values.yaml @@ -25,10 +25,18 @@ serviceAccount: podAnnotations: {} -podSecurityContext: {} +securityContext: + runAsUser: 1001 + runAsGroup: 1001 +podSecurityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + fsGroupChangePolicy: "OnRootMismatch" +# podSecurityContext: {} # fsGroup: 2000 -securityContext: {} +# securityContext: {} # capabilities: # drop: # - ALL diff --git a/scripts/helmcharts/openreplay/charts/assist/values.yaml b/scripts/helmcharts/openreplay/charts/assist/values.yaml index eb9016cae..056854751 100644 --- a/scripts/helmcharts/openreplay/charts/assist/values.yaml +++ b/scripts/helmcharts/openreplay/charts/assist/values.yaml @@ -25,10 +25,18 @@ serviceAccount: podAnnotations: {} -podSecurityContext: {} +securityContext: + runAsUser: 1001 + runAsGroup: 1001 +podSecurityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + fsGroupChangePolicy: "OnRootMismatch" +# podSecurityContext: {} # fsGroup: 2000 -securityContext: {} +# securityContext: {} # capabilities: # drop: # - ALL diff --git a/scripts/helmcharts/openreplay/charts/chalice/values.yaml b/scripts/helmcharts/openreplay/charts/chalice/values.yaml index 98a01ab8b..05802a9a6 100644 --- a/scripts/helmcharts/openreplay/charts/chalice/values.yaml +++ b/scripts/helmcharts/openreplay/charts/chalice/values.yaml @@ -25,10 +25,18 @@ serviceAccount: podAnnotations: {} -podSecurityContext: {} +securityContext: + runAsUser: 1001 + runAsGroup: 1001 +podSecurityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + fsGroupChangePolicy: "OnRootMismatch" +# podSecurityContext: {} # fsGroup: 2000 -securityContext: {} +# securityContext: {} # capabilities: # drop: # - ALL diff --git a/scripts/helmcharts/openreplay/charts/db/values.yaml b/scripts/helmcharts/openreplay/charts/db/values.yaml index 7d375c594..d03e000ef 100644 --- a/scripts/helmcharts/openreplay/charts/db/values.yaml +++ b/scripts/helmcharts/openreplay/charts/db/values.yaml @@ -25,10 +25,18 @@ serviceAccount: podAnnotations: {} -podSecurityContext: {} +securityContext: + runAsUser: 1001 + runAsGroup: 1001 +podSecurityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + fsGroupChangePolicy: "OnRootMismatch" +# podSecurityContext: {} # fsGroup: 2000 -securityContext: {} +# securityContext: {} # capabilities: # drop: # - ALL diff --git a/scripts/helmcharts/openreplay/charts/ender/values.yaml b/scripts/helmcharts/openreplay/charts/ender/values.yaml index c751680d4..7e51481a8 100644 --- a/scripts/helmcharts/openreplay/charts/ender/values.yaml +++ b/scripts/helmcharts/openreplay/charts/ender/values.yaml @@ -25,10 +25,18 @@ serviceAccount: podAnnotations: {} -podSecurityContext: {} +securityContext: + runAsUser: 1001 + runAsGroup: 1001 +podSecurityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + fsGroupChangePolicy: "OnRootMismatch" +# podSecurityContext: {} # fsGroup: 2000 -securityContext: {} +# securityContext: {} # capabilities: # drop: # - ALL diff --git a/scripts/helmcharts/openreplay/charts/frontend/values.yaml b/scripts/helmcharts/openreplay/charts/frontend/values.yaml index 822cf6899..ef8815d4f 100644 --- a/scripts/helmcharts/openreplay/charts/frontend/values.yaml +++ b/scripts/helmcharts/openreplay/charts/frontend/values.yaml @@ -25,10 +25,18 @@ serviceAccount: podAnnotations: {} -podSecurityContext: {} +securityContext: + runAsUser: 1001 + runAsGroup: 1001 +podSecurityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + fsGroupChangePolicy: "OnRootMismatch" +# podSecurityContext: {} # fsGroup: 2000 -securityContext: {} +# securityContext: {} # capabilities: # drop: # - ALL diff --git a/scripts/helmcharts/openreplay/charts/heuristics/values.yaml b/scripts/helmcharts/openreplay/charts/heuristics/values.yaml index ec8400866..d91bd936d 100644 --- a/scripts/helmcharts/openreplay/charts/heuristics/values.yaml +++ b/scripts/helmcharts/openreplay/charts/heuristics/values.yaml @@ -25,10 +25,18 @@ serviceAccount: podAnnotations: {} -podSecurityContext: {} +securityContext: + runAsUser: 1001 + runAsGroup: 1001 +podSecurityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + fsGroupChangePolicy: "OnRootMismatch" +# podSecurityContext: {} # fsGroup: 2000 -securityContext: {} +# securityContext: {} # capabilities: # drop: # - ALL diff --git a/scripts/helmcharts/openreplay/charts/http/values.yaml b/scripts/helmcharts/openreplay/charts/http/values.yaml index 7a96d525d..f4c0d5841 100644 --- a/scripts/helmcharts/openreplay/charts/http/values.yaml +++ b/scripts/helmcharts/openreplay/charts/http/values.yaml @@ -25,10 +25,18 @@ serviceAccount: podAnnotations: {} -podSecurityContext: {} +securityContext: + runAsUser: 1001 + runAsGroup: 1001 +podSecurityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + fsGroupChangePolicy: "OnRootMismatch" +# podSecurityContext: {} # fsGroup: 2000 -securityContext: {} +# securityContext: {} # capabilities: # drop: # - ALL diff --git a/scripts/helmcharts/openreplay/charts/integrations/values.yaml b/scripts/helmcharts/openreplay/charts/integrations/values.yaml index 191ed7047..dcc862a2c 100644 --- a/scripts/helmcharts/openreplay/charts/integrations/values.yaml +++ b/scripts/helmcharts/openreplay/charts/integrations/values.yaml @@ -25,10 +25,18 @@ serviceAccount: podAnnotations: {} -podSecurityContext: {} +securityContext: + runAsUser: 1001 + runAsGroup: 1001 +podSecurityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + fsGroupChangePolicy: "OnRootMismatch" +# podSecurityContext: {} # fsGroup: 2000 -securityContext: {} +# securityContext: {} # capabilities: # drop: # - ALL diff --git a/scripts/helmcharts/openreplay/charts/peers/values.yaml b/scripts/helmcharts/openreplay/charts/peers/values.yaml index 4643a75a7..57fc30bde 100644 --- a/scripts/helmcharts/openreplay/charts/peers/values.yaml +++ b/scripts/helmcharts/openreplay/charts/peers/values.yaml @@ -25,10 +25,18 @@ serviceAccount: podAnnotations: {} -podSecurityContext: {} +securityContext: + runAsUser: 1001 + runAsGroup: 1001 +podSecurityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + fsGroupChangePolicy: "OnRootMismatch" +# podSecurityContext: {} # fsGroup: 2000 -securityContext: {} +# securityContext: {} # capabilities: # drop: # - ALL diff --git a/scripts/helmcharts/openreplay/charts/quickwit/values.yaml b/scripts/helmcharts/openreplay/charts/quickwit/values.yaml index eaea505f8..0e91a4a58 100644 --- a/scripts/helmcharts/openreplay/charts/quickwit/values.yaml +++ b/scripts/helmcharts/openreplay/charts/quickwit/values.yaml @@ -43,10 +43,18 @@ serviceAccount: podAnnotations: {} -podSecurityContext: {} +securityContext: + runAsUser: 1001 + runAsGroup: 1001 +podSecurityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + fsGroupChangePolicy: "OnRootMismatch" +# podSecurityContext: {} # fsGroup: 2000 -securityContext: {} +# securityContext: {} # capabilities: # drop: # - ALL diff --git a/scripts/helmcharts/openreplay/charts/sink/values.yaml b/scripts/helmcharts/openreplay/charts/sink/values.yaml index a37ecfa41..23ea52025 100644 --- a/scripts/helmcharts/openreplay/charts/sink/values.yaml +++ b/scripts/helmcharts/openreplay/charts/sink/values.yaml @@ -25,14 +25,16 @@ serviceAccount: podAnnotations: {} +securityContext: + runAsUser: 1001 + runAsGroup: 1001 podSecurityContext: runAsUser: 1001 runAsGroup: 1001 fsGroup: 1001 fsGroupChangePolicy: "OnRootMismatch" - # fsGroup: 2000 -securityContext: {} +#securityContext: {} # capabilities: # drop: # - ALL diff --git a/scripts/helmcharts/openreplay/charts/sourcemapreader/values.yaml b/scripts/helmcharts/openreplay/charts/sourcemapreader/values.yaml index 7ad87ec12..d7a0341a5 100644 --- a/scripts/helmcharts/openreplay/charts/sourcemapreader/values.yaml +++ b/scripts/helmcharts/openreplay/charts/sourcemapreader/values.yaml @@ -25,10 +25,18 @@ serviceAccount: podAnnotations: {} -podSecurityContext: {} +securityContext: + runAsUser: 1001 + runAsGroup: 1001 +podSecurityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + fsGroupChangePolicy: "OnRootMismatch" +# podSecurityContext: {} # fsGroup: 2000 -securityContext: {} +# securityContext: {} # capabilities: # drop: # - ALL diff --git a/scripts/helmcharts/openreplay/charts/storage/values.yaml b/scripts/helmcharts/openreplay/charts/storage/values.yaml index b73c2cf1e..85fa7ea65 100644 --- a/scripts/helmcharts/openreplay/charts/storage/values.yaml +++ b/scripts/helmcharts/openreplay/charts/storage/values.yaml @@ -25,14 +25,16 @@ serviceAccount: podAnnotations: {} +securityContext: + runAsUser: 1001 + runAsGroup: 1001 podSecurityContext: runAsUser: 1001 runAsGroup: 1001 fsGroup: 1001 fsGroupChangePolicy: "OnRootMismatch" - # fsGroup: 2000 -securityContext: {} +#securityContext: {} # capabilities: # drop: # - ALL diff --git a/scripts/helmcharts/openreplay/charts/utilities/values.yaml b/scripts/helmcharts/openreplay/charts/utilities/values.yaml index 90632b4c2..670427b8b 100644 --- a/scripts/helmcharts/openreplay/charts/utilities/values.yaml +++ b/scripts/helmcharts/openreplay/charts/utilities/values.yaml @@ -84,3 +84,13 @@ fullnameOverride: "utilities-openreplay" # refer: https://crontab.guru/#5_3_*_*_1 cron: "5 3 */3 * *" +# Pod configurations + +securityContext: + runAsUser: 1001 + runAsGroup: 1001 +podSecurityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + fsGroupChangePolicy: "OnRootMismatch" diff --git a/scripts/helmcharts/openreplay/values.yaml b/scripts/helmcharts/openreplay/values.yaml index 3ca50018a..f836866fe 100644 --- a/scripts/helmcharts/openreplay/values.yaml +++ b/scripts/helmcharts/openreplay/values.yaml @@ -25,10 +25,18 @@ serviceAccount: podAnnotations: {} -podSecurityContext: {} +securityContext: + runAsUser: 1001 + runAsGroup: 1001 +podSecurityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + fsGroupChangePolicy: "OnRootMismatch" +# podSecurityContext: {} # fsGroup: 2000 -securityContext: {} +# securityContext: {} # capabilities: # drop: # - ALL