From: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Date: Tue, 19 May 2020 13:58:42 +0000 (+0200)
Subject: [COMMON] Security Context templates
X-Git-Tag: 7.0.0~420^2
X-Git-Url: https://gerrit.onap.org/r/gitweb?a=commitdiff_plain;h=6bb10e47855fc80972eede63dbaaddc28f7f7edc;p=oom.git

[COMMON] Security Context templates

Create Security contexts templates for pod and containers.

Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Iab9a75627e1c5427ebe8dfb07c59ef1a17198c5e
---

diff --git a/kubernetes/common/common/templates/_pod.tpl b/kubernetes/common/common/templates/_pod.tpl
index d3fc25ad6e..de2548562d 100644
--- a/kubernetes/common/common/templates/_pod.tpl
+++ b/kubernetes/common/common/templates/_pod.tpl
@@ -47,3 +47,24 @@
 {{-     end }}
 {{-   end }}
 {{- end -}}
+
+{{/*
+   Generate securityContext for pod
+*/}}
+{{- define "common.podSecurityContext" -}}
+securityContext:
+  runAsUser: {{ .Values.securityContext.user_id }}
+  runAsGroup: {{ .Values.securityContext.group_id }}
+  fsGroup: {{ .Values.securityContext.group_id }}
+{{- end }}
+
+{{/*
+   Generate securityContext for container
+*/}}
+{{- define "common.containerSecurityContext" -}}
+securityContext:
+  readOnlyRootFilesystem: true
+  privileged: false
+  allowPrivilegeEscalation: false
+{{- end }}
+