Fix Kyverno policy violations for DCAE PRH & VES-COLLECTOR

Issue-ID: OOM-3315
Change-Id: I1d6251e7c6724addca81167f9f4d184c291340c3
Signed-off-by: Aditi Shukla <aditi.shukla@t-systems.com>

1 files changed, 26 insertions, 0 deletions

diff --git a/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/ves-collector/_copyEtc.tpl b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/ves-collector/_copyEtc.tpl
new file mode 100644
index 0000000000..a3a724741f
--- /dev/null
+++ b/kubernetes/dcaegen2-services/common/dcaegen2-services-common/templates/ves-collector/_copyEtc.tpl
@@ -0,0 +1,26 @@
+{{- define "dcaegen2-ves-collector.vesCollectorCopyEtc" -}}
+- name: dcae-ves-collector-copy-etc
+  command: ["cp", "-R", "/opt/app/VESCollector/etc/.", "/opt/app/VESCollector/etc_rw/"]
+  image: {{ default ( include "repositoryGenerator.repository" . ) .Values.imageRepositoryOverride }}/{{ .Values.image }}
+  imagePullPolicy: Always
+  resources:
+    limits:
+      cpu: {{ .Values.copyEtc.resources.limits.cpu }}
+      memory: {{ .Values.copyEtc.resources.limits.memory }}
+    requests:
+      cpu: {{ .Values.copyEtc.resources.requests.cpu }}
+      memory: {{ .Values.copyEtc.resources.requests.memory }}
+  securityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
+        - CAP_NET_RAW
+    readOnlyRootFilesystem: true
+    runAsNonRoot: true
+  terminationMessagePath: /dev/termination-log
+  terminationMessagePolicy: File
+  volumeMounts:
+    - mountPath: /opt/app/VESCollector/etc_rw
+      name: ves-collector-etc
+{{- end }}