X-Git-Url: https://gerrit.onap.org/r/gitweb?a=blobdiff_plain;f=kubernetes%2Fcommon%2Fcommon%2Ftemplates%2F_pod.tpl;h=b38a7f1105bebdde995a4d6031f979b5d1028100;hb=0a2291b2872028a6ef7b5e9e4cd0c07f4b40f793;hp=d3fc25ad6ea5f3f57f1c10442de943de009ceae1;hpb=33c2105e28a74b72dc10acee8997f51462f6be0f;p=oom.git

diff --git a/kubernetes/common/common/templates/_pod.tpl b/kubernetes/common/common/templates/_pod.tpl
index d3fc25ad6e..b38a7f1105 100644
--- a/kubernetes/common/common/templates/_pod.tpl
+++ b/kubernetes/common/common/templates/_pod.tpl
@@ -36,14 +36,34 @@
 {{- $global := . }}
 {{-   range $index, $port := $ports }}
 {{-     if (include "common.needTLS" $global) }}
-- containerPort: {{ $port.port }}
+- containerPort: {{ default $port.port $port.internal_port }}
 {{-     else }}
-- containerPort: {{ default $port.port $port.plain_port }}
+- containerPort: {{ default (default $port.port $port.internal_port) (default $port.plain_port $port.internal_plain_port) }}
 {{-     end }}
   name: {{ $port.name }}
 {{-     if (and $port.plain_port (and (include "common.needTLS" $global) $both_tls_and_plain))  }}
-- containerPort: {{ $port.plain_port }}
+- containerPort: {{ default $port.plain_port $port.internal_plain_port }}
   name: {{ $port.name }}-plain
 {{-     end }}
 {{-   end }}
 {{- end -}}
+
+{{/*
+   Generate securityContext for pod
+*/}}
+{{- define "common.podSecurityContext" -}}
+securityContext:
+  runAsUser: {{ .Values.securityContext.user_id }}
+  runAsGroup: {{ .Values.securityContext.group_id }}
+  fsGroup: {{ .Values.securityContext.group_id }}
+{{- end }}
+
+{{/*
+   Generate securityContext for container
+*/}}
+{{- define "common.containerSecurityContext" -}}
+securityContext:
+  readOnlyRootFilesystem: true
+  privileged: false
+  allowPrivilegeEscalation: false
+{{- end }}