From cf70098d182c07c4091fd83b3a704a249a4eac7e Mon Sep 17 00:00:00 2001 From: Andreas Geissler Date: Mon, 14 Oct 2024 15:10:37 +0200 Subject: [ETCD] Add kyverno policy fixes Add securityContext settings to resolve kyverno policy violations Fix Jira Links in all release notes. Issue-ID: OOM-3314 Change-Id: Ief20d42f2e4825754bf8d1a142665c7dd176a1d9 Signed-off-by: Andreas Geissler --- kubernetes/common/etcd/Chart.yaml | 3 ++- kubernetes/common/etcd/templates/statefulset.yaml | 3 +++ kubernetes/common/etcd/values.yaml | 5 +++++ 3 files changed, 10 insertions(+), 1 deletion(-) (limited to 'kubernetes/common/etcd') diff --git a/kubernetes/common/etcd/Chart.yaml b/kubernetes/common/etcd/Chart.yaml index 465364b3da..bd508c57fd 100644 --- a/kubernetes/common/etcd/Chart.yaml +++ b/kubernetes/common/etcd/Chart.yaml @@ -1,6 +1,7 @@ # Copyright © 2019 Intel Corporation # Modifications Copyright © 2021 Orange # Modifications Copyright © 2021 Nordix Foundation +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -17,7 +18,7 @@ apiVersion: v2 name: etcd home: https://github.com/coreos/etcd -version: 13.0.0 +version: 13.0.1 appVersion: 2.2.5 description: Distributed reliable key-value store for the most critical data of a distributed system. diff --git a/kubernetes/common/etcd/templates/statefulset.yaml b/kubernetes/common/etcd/templates/statefulset.yaml index 722a27d791..c71d3295eb 100644 --- a/kubernetes/common/etcd/templates/statefulset.yaml +++ b/kubernetes/common/etcd/templates/statefulset.yaml @@ -1,5 +1,6 @@ {{/* # Copyright © 2019 Intel Corporation Inc +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. 
@@ -36,10 +37,12 @@ spec: {{ toYaml .Values.tolerations | indent 8 }} {{- end }} {{- include "common.imagePullSecrets" . | nindent 6 }} + {{ include "common.podSecurityContext" . | indent 6 | trim }} containers: - name: {{ include "common.name" . }} image: {{ include "repositoryGenerator.googleK8sRepository" . }}/{{ .Values.image }} imagePullPolicy: "{{ .Values.pullPolicy }}" + {{ include "common.containerSecurityContext" . | indent 10 | trim }} ports: - containerPort: {{ .Values.service.peerInternalPort }} name: {{ .Values.service.peerPortName }} diff --git a/kubernetes/common/etcd/values.yaml b/kubernetes/common/etcd/values.yaml index e2334eadfe..69d533c728 100644 --- a/kubernetes/common/etcd/values.yaml +++ b/kubernetes/common/etcd/values.yaml @@ -1,4 +1,5 @@ # Copyright © 2019 Intel Corporation, Inc +# Modifications Copyright © 2024 Deutsche Telekom # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. @@ -35,6 +36,10 @@ nodeSelector: {} affinity: {} +securityContext: + user_id: 1000 + group_id: 1000 + # probe configuration parameters liveness: initialDelaySeconds: 90 -- cgit 1.2.3-korg
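Review bot: The two added includes in statefulset.yaml (`common.podSecurityContext` at pod level and `common.containerSecurityContext` under the container) carry all of the hardening, but neither helper is defined on this page, so the settings they render cannot be checked from the hunk. A comment above the first include would record the dependency, for example `# securityContext is rendered by the common chart helpers from .Values.securityContext`. Before merge, render the chart with `helm template` and confirm that the etcd container still starts under the resulting context. In particular, the data directory must be writable by the configured UID/GID, and if the helper enforces a read-only root filesystem (not visible here), every path etcd writes to must be a mounted volume. The StatefulSet spec begins and continues outside the hunk.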
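Review bot: The new `securityContext` block in values.yaml has no comment, and its snake_case keys (`user_id`, `group_id`) differ from the camelCase of the neighbouring values, so a reader can mistake it for a raw Kubernetes securityContext stanza. Presumably these keys are read by the `common.podSecurityContext` and `common.containerSecurityContext` helpers included in statefulset.yaml. A line such as `# UID/GID etcd runs as; read by the common securityContext helpers (not Kubernetes field names)` above the block would make that explicit. Also confirm that UID/GID 1000 can read data already present on an existing persistent volume after upgrade, since nothing in the hunk shows which user the image ran as before.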