Code Review / oom.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | review | tree
raw | patch | inline | side by side (parent: 41cf72f)
[COMMON] Security Context templates 85/107885/3
authorSylvain Desbureaux <sylvain.desbureaux@orange.com>
Tue, 19 May 2020 13:58:42 +0000 (15:58 +0200)
committerSylvain Desbureaux <sylvain.desbureaux@orange.com>
Wed, 20 May 2020 12:55:32 +0000 (12:55 +0000)
Create Security contexts templates for pod and containers.

Issue-ID: OOM-1971
Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com>
Change-Id: Iab9a75627e1c5427ebe8dfb07c59ef1a17198c5e

kubernetes/common/common/templates/_pod.tpl patch | blob | history

diff --git a/kubernetes/common/common/templates/_pod.tpl b/kubernetes/common/common/templates/_pod.tpl
index d3fc25a..de25485 100644 (file)
--- a/kubernetes/common/common/templates/_pod.tpl
+++ b/kubernetes/common/common/templates/_pod.tpl
@@ -47,3 +47,24 @@
 {{-     end }}
 {{-   end }}
 {{- end -}}
+
+{{/*
+   Generate securityContext for pod
+*/}}
+{{- define "common.podSecurityContext" -}}
+securityContext:
+  runAsUser: {{ .Values.securityContext.user_id }}
+  runAsGroup: {{ .Values.securityContext.group_id }}
+  fsGroup: {{ .Values.securityContext.group_id }}
+{{- end }}
+
+{{/*
+   Generate securityContext for container
+*/}}
+{{- define "common.containerSecurityContext" -}}
+securityContext:
+  readOnlyRootFilesystem: true
+  privileged: false
+  allowPrivilegeEscalation: false
+{{- end }}
+
Introduces the ONAP Platform OOM (ONAP Operations Manager) to efficiently Deploy, Manage, Operate the ONAP platform and its components (e.g. MSO, DCAE, SDC, etc.) and infrastructure (VMs, Containers).