[COMMON] Security Context templates

Create Security contexts templates for pod and containers. Issue-ID: OOM-1971 Signed-off-by: Sylvain Desbureaux <sylvain.desbureaux@orange.com> Change-Id: Iab9a75627e1c5427ebe8dfb07c59ef1a17198c5e
author: Sylvain Desbureaux <sylvain.desbureaux@orange.com> 2020-05-19 15:58:42 +0200
committer: Sylvain Desbureaux <sylvain.desbureaux@orange.com> 2020-05-20 12:55:32 +0000
commit: 6bb10e47855fc80972eede63dbaaddc28f7f7edc (patch)
tree: 72108f44afca6263bdfadf721adb2c9412c1aa47 /kubernetes/common
parent: 41cf72f18803970b7dfb91d2537dd35a4342ac36 (diff)
1 files changed, 21 insertions, 0 deletions
diff --git a/kubernetes/common/common/templates/_pod.tpl b/kubernetes/common/common/templates/_pod.tpl
index d3fc25ad6e..de2548562d 100644
--- a/kubernetes/common/common/templates/_pod.tpl
+++ b/kubernetes/common/common/templates/_pod.tpl
@@ -47,3 +47,24 @@
 {{-     end }}
 {{-   end }}
 {{- end -}}
+
+{{/*
+   Generate securityContext for pod
+*/}}
+{{- define "common.podSecurityContext" -}}
+securityContext:
+  runAsUser: {{ .Values.securityContext.user_id }}
+  runAsGroup: {{ .Values.securityContext.group_id }}
+  fsGroup: {{ .Values.securityContext.group_id }}
+{{- end }}
+
+{{/*
+   Generate securityContext for container
+*/}}
+{{- define "common.containerSecurityContext" -}}
+securityContext:
+  readOnlyRootFilesystem: true
+  privileged: false
+  allowPrivilegeEscalation: false
+{{- end }}
+
author	Sylvain Desbureaux <sylvain.desbureaux@orange.com>	2020-05-19 15:58:42 +0200
committer	Sylvain Desbureaux <sylvain.desbureaux@orange.com>	2020-05-20 12:55:32 +0000
commit	6bb10e47855fc80972eede63dbaaddc28f7f7edc (patch)
tree	72108f44afca6263bdfadf721adb2c9412c1aa47 /kubernetes/common
parent	41cf72f18803970b7dfb91d2537dd35a4342ac36 (diff)