diff options
| author |   Andreas Geissler <andreas-geissler@telekom.de> | 2024-10-14 15:10:37 +0200 |
|---|---|---|
| committer | Andreas Geissler <andreas-geissler@telekom.de> | 2024-10-15 18:43:41 +0200 |
| commit | cf70098d182c07c4091fd83b3a704a249a4eac7e (patch) | |
| tree | 448e9a082426ced6f7f81a4953d85c68b91c6183 /kubernetes/common | |
| parent | 0cb45591810f3d121e90a55a8899244514145b10 (diff) | |
[ETCD] Add kyverno policy fixes
Add securityContext settings to resolve kyverno policy violations
Fix Jira Links in all release notes.
Issue-ID: OOM-3314
Change-Id: Ief20d42f2e4825754bf8d1a142665c7dd176a1d9
Signed-off-by: Andreas Geissler <andreas-geissler@telekom.de>
Diffstat (limited to 'kubernetes/common')
| -rw-r--r-- | kubernetes/common/etcd/Chart.yaml | 3 | ||||
| -rw-r--r-- | kubernetes/common/etcd/templates/statefulset.yaml | 3 | ||||
| -rw-r--r-- | kubernetes/common/etcd/values.yaml | 5 |
3 files changed, 10 insertions, 1 deletions
diff --git a/kubernetes/common/etcd/Chart.yaml b/kubernetes/common/etcd/Chart.yaml index 465364b3da..bd508c57fd 100644 --- a/kubernetes/common/etcd/Chart.yaml +++ b/kubernetes/common/etcd/Chart.yaml @@ -1,6 +1,7 @@ # Copyright © 2019 Intel Corporation # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,7 +18,7 @@ apiVersion: v2 name: etcd home: https://github.com/coreos/etcd -version: 13.0.0 +version: 13.0.1 appVersion: 2.2.5 description: Distributed reliable key-value store for the most critical data of a distributed system. diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index 722a27d791..c71d3295eb 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2019 Intel Corporation Inc +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -36,10 +37,12 @@ spec: {{ toYaml .Values.tolerations | indent 8 }} {{- end }} {{- include "common.imagePullSecrets" . | nindent 6 }} + {{ include "common.podSecurityContext" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.googleK8sRepository" . }}/{{ .Values.image }} imagePullPolicy: "{{ .Values.pullPolicy }}" + {{ include "common.containerSecurityContext" . | indent 10 | trim }} ports: - containerPort: {{ .Values.service.peerInternalPort }} name: {{ .Values.service.peerPortName }} diff --git a/kubernetes/common/etcd/values.yaml b/kubernetes/common/etcd/values.yaml index e2334eadfe..69d533c728 100644 --- a/kubernetes/common/etcd/values.yaml +++ b/kubernetes/common/etcd/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2019 Intel Corporation, Inc +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -35,6 +36,10 @@ nodeSelector: {} affinity: {} +securityContext: + user_id: 1000 + group_id: 1000 + # probe configuration parameters liveness: initialDelaySeconds: 90 |