diff options
author | Krzysztof Opasiak <k.opasiak@samsung.com> | 2020-05-22 14:35:36 +0000 |
---|---|---|
committer | Gerrit Code Review <gerrit@onap.org> | 2020-05-22 14:35:36 +0000 |
commit | a1365a751a5f9bfa4acaa6812c90291979102a6b (patch) | |
tree | 7a5fe1a5ec49e9765372cf9892fca410ae9055d8 | |
parent | 1021eeb438aaede0d3f581d05ef8793611e1a765 (diff) | |
parent | 6bb10e47855fc80972eede63dbaaddc28f7f7edc (diff) |
Merge "[COMMON] Security Context templates"
-rw-r--r-- | kubernetes/common/common/templates/_pod.tpl | 21 |
1 files changed, 21 insertions, 0 deletions
diff --git a/kubernetes/common/common/templates/_pod.tpl b/kubernetes/common/common/templates/_pod.tpl index d3fc25ad6e..de2548562d 100644 --- a/kubernetes/common/common/templates/_pod.tpl +++ b/kubernetes/common/common/templates/_pod.tpl @@ -47,3 +47,24 @@ {{- end }} {{- end }} {{- end -}} + +{{/* + Generate securityContext for pod +*/}} +{{- define "common.podSecurityContext" -}} +securityContext: + runAsUser: {{ .Values.securityContext.user_id }} + runAsGroup: {{ .Values.securityContext.group_id }} + fsGroup: {{ .Values.securityContext.group_id }} +{{- end }} + +{{/* + Generate securityContext for container +*/}} +{{- define "common.containerSecurityContext" -}} +securityContext: + readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false +{{- end }} + |