authorKrzysztof Opasiak <k.opasiak@samsung.com>2020-05-22 14:35:36 +0000
committerGerrit Code Review <gerrit@onap.org>2020-05-22 14:35:36 +0000
commita1365a751a5f9bfa4acaa6812c90291979102a6b (patch)
tree7a5fe1a5ec49e9765372cf9892fca410ae9055d8
parent1021eeb438aaede0d3f581d05ef8793611e1a765 (diff)
parent6bb10e47855fc80972eede63dbaaddc28f7f7edc (diff)
Merge "[COMMON] Security Context templates"
-rw-r--r--kubernetes/common/common/templates/_pod.tpl21
1 files changed, 21 insertions, 0 deletions
diff --git a/kubernetes/common/common/templates/_pod.tpl b/kubernetes/common/common/templates/_pod.tpl
index d3fc25ad6e..de2548562d 100644
--- a/kubernetes/common/common/templates/_pod.tpl
+++ b/kubernetes/common/common/templates/_pod.tpl
@@ -47,3 +47,24 @@
{{- end }}
{{- end }}
{{- end -}}
+
+{{/*
+ Generate securityContext for pod
+*/}}
+{{- define "common.podSecurityContext" -}}
+securityContext:
+ runAsUser: {{ .Values.securityContext.user_id }}
+ runAsGroup: {{ .Values.securityContext.group_id }}
+ fsGroup: {{ .Values.securityContext.group_id }}
+{{- end }}
+
+{{/*
+ Generate securityContext for container
+*/}}
+{{- define "common.containerSecurityContext" -}}
+securityContext:
+ readOnlyRootFilesystem: true
+ privileged: false
+ allowPrivilegeEscalation: false
+{{- end }}
+
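Review bot: `common.podSecurityContext` sets `runAsUser`, `runAsGroup` and `fsGroup` but never sets `runAsNonRoot`, so a chart whose `securityContext.user_id` is 0 still renders a pod that runs as root with no error. Adding `runAsNonRoot: true` after the `fsGroup` line makes the kubelet refuse to start a container as UID 0. Both values are also rendered unguarded, so an unset `user_id` or `group_id` would presumably produce an empty `runAsUser:` or an obscure template error; wrapping each one as `{{ required "securityContext.user_id must be set" .Values.securityContext.user_id }}` gives a clear failure at render time instead. In `common.containerSecurityContext`, a `capabilities:` entry with `drop: [ALL]` would complement `allowPrivilegeEscalation: false`, though charts whose containers need a specific capability would have to add it back. The comment on each template could also state that the output begins with the `securityContext:` key, so callers know to pipe the include through `nindent` at the right depth.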