diff options
Diffstat (limited to 'kubernetes/common/mariadb-galera/templates')
10 files changed, 24 insertions, 11 deletions
diff --git a/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml b/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml index 4c2bfcd389..05aafb5cc9 100644 --- a/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml +++ b/kubernetes/common/mariadb-galera/templates/backup/pvc.yaml @@ -47,4 +47,4 @@ spec: {{- end -}} {{- end -}} {{- end -}} -{{- end -}}
\ No newline at end of file +{{- end -}} diff --git a/kubernetes/common/mariadb-galera/templates/configmap.yaml b/kubernetes/common/mariadb-galera/templates/configmap.yaml index 0aa0a63f0a..152d39f4a5 100644 --- a/kubernetes/common/mariadb-galera/templates/configmap.yaml +++ b/kubernetes/common/mariadb-galera/templates/configmap.yaml @@ -39,4 +39,4 @@ data: my.cnf: | {{ .Values.mariadbConfiguration | indent 4 }} {{- end }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/mariadb.yaml b/kubernetes/common/mariadb-galera/templates/mariadb.yaml index ce09c9ff06..d8ada6fbbb 100644 --- a/kubernetes/common/mariadb-galera/templates/mariadb.yaml +++ b/kubernetes/common/mariadb-galera/templates/mariadb.yaml @@ -16,4 +16,4 @@ {{- if .Values.global.mariadbGalera.useOperator }} {{ include "common.mariadbOpInstance" . }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml b/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml index d37aeb1751..e628deea15 100644 --- a/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml +++ b/kubernetes/common/mariadb-galera/templates/metrics-svc.yaml @@ -34,4 +34,4 @@ spec: targetPort: tcp-metrics selector: {{- include "common.matchLabels" . | nindent 4 }} {{- end }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/pdb.yaml b/kubernetes/common/mariadb-galera/templates/pdb.yaml index 734f03f237..da83abc993 100644 --- a/kubernetes/common/mariadb-galera/templates/pdb.yaml +++ b/kubernetes/common/mariadb-galera/templates/pdb.yaml @@ -29,4 +29,4 @@ spec: selector: matchLabels: {{- include "common.matchLabels" . | nindent 6 }} {{- end }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/prometheusrules.yaml b/kubernetes/common/mariadb-galera/templates/prometheusrules.yaml index cf0ab566a4..ee9124f23b 100644 --- a/kubernetes/common/mariadb-galera/templates/prometheusrules.yaml +++ b/kubernetes/common/mariadb-galera/templates/prometheusrules.yaml @@ -28,4 +28,3 @@ spec: rules: {{- toYaml .Values.metrics.prometheusRules.rules | nindent 6 }} {{- end }} - diff --git a/kubernetes/common/mariadb-galera/templates/pv.yaml b/kubernetes/common/mariadb-galera/templates/pv.yaml index 129b5b26c7..267755259d 100644 --- a/kubernetes/common/mariadb-galera/templates/pv.yaml +++ b/kubernetes/common/mariadb-galera/templates/pv.yaml @@ -17,4 +17,4 @@ {{- if not .Values.global.mariadbGalera.useOperator }} {{ include "common.replicaPV" . }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/secrets.yaml b/kubernetes/common/mariadb-galera/templates/secrets.yaml index 527f41266d..77a8e38e80 100644 --- a/kubernetes/common/mariadb-galera/templates/secrets.yaml +++ b/kubernetes/common/mariadb-galera/templates/secrets.yaml @@ -16,4 +16,4 @@ # limitations under the License. */}} -{{ include "common.secretFast" . }}
\ No newline at end of file +{{ include "common.secretFast" . }} diff --git a/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml b/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml index 4cbf7b394f..1bffb246f4 100644 --- a/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml +++ b/kubernetes/common/mariadb-galera/templates/servicemonitor.yaml @@ -18,4 +18,4 @@ {{- if .Values.metrics.serviceMonitor.enabled }} {{ include "common.serviceMonitor" . }} {{- end }} -{{- end }}
\ No newline at end of file +{{- end }} diff --git a/kubernetes/common/mariadb-galera/templates/statefulset.yaml b/kubernetes/common/mariadb-galera/templates/statefulset.yaml index 70cc0c34bd..66ce8abc6e 100644 --- a/kubernetes/common/mariadb-galera/templates/statefulset.yaml +++ b/kubernetes/common/mariadb-galera/templates/statefulset.yaml @@ -55,7 +55,20 @@ spec: image: {{ include "repositoryGenerator.image.busybox" . }} imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }} securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - CAP_NET_RAW + add: + - CHOWN + - SYS_CHROOT + runAsGroup: {{ .Values.securityContext.group_id }} + readOnlyRootFilesystem: false runAsUser: 0 + runAsNonRoot: false + seccompProfile: + type: RuntimeDefault volumeMounts: - name: previous-boot mountPath: /bootstrap @@ -169,6 +182,7 @@ spec: successThreshold: {{ .Values.startupProbe.successThreshold }} failureThreshold: {{ .Values.startupProbe.failureThreshold }} {{- end }} + {{ include "common.containerSecurityContext" . | indent 10 | trim }} resources: {{ include "common.resources" . | nindent 12 }} volumeMounts: - name: previous-boot @@ -218,7 +232,7 @@ spec: timeoutSeconds: {{ .Values.metrics.readinessProbe.timeoutSeconds }} successThreshold: {{ .Values.metrics.readinessProbe.successThreshold }} failureThreshold: {{ .Values.metrics.readinessProbe.failureThreshold }} - {{ include "common.containerSecurityContext" . | indent 10 | trim }} + securityContext: {{- toYaml .Values.metrics.securityContext | nindent 12 }} resources: {{- toYaml .Values.metrics.resources | nindent 12 }} {{- end }} {{- include "common.imagePullSecrets" . | nindent 6 }} @@ -266,4 +280,4 @@ spec: volumeClaimTemplates: - {{ include "common.PVCTemplate" (dict "dot" . "suffix" "data" "persistenceInfos" .Values.persistence) | indent 6 | trim }} {{- end }} -{{- end }}
\ No newline at end of file +{{- end }} |