Create Security contexts templates for pod and containers.
Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Iab9a75627e1c5427ebe8dfb07c59ef1a17198c5e
{{- end }}
{{- end }}
{{- end -}}
+
+{{/*
+ Generate securityContext for pod
+*/}}
+{{- define "common.podSecurityContext" -}}
+securityContext:
+ runAsUser: {{ .Values.securityContext.user_id }}
+ runAsGroup: {{ .Values.securityContext.group_id }}
+ fsGroup: {{ .Values.securityContext.group_id }}
+{{- end }}
+
+{{/*
+ Generate securityContext for container
+*/}}
+{{- define "common.containerSecurityContext" -}}
+securityContext:
+ readOnlyRootFilesystem: true
+ privileged: false
+ allowPrivilegeEscalation: false
+{{- end }}
+