openstack/openstack-helm-infra
Code Issues Proposed changes

Merge "elasticsearch-exporter: Add security context for exporter pod/container"

Browse Source
This commit is contained in:
Zuul 2019-04-15 23:05:47 +00:00 committed by Gerrit Code Review
commit 2abcc6d8b4
2 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
elasticsearch/templates/monitoring/prometheus/exporter-deployment.yaml
View File

@ -52,8 +52,7 @@ spec:
- name: elasticsearch-exporter - name: elasticsearch-exporter
{{ tuple $envAll "prometheus_elasticsearch_exporter" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll "prometheus_elasticsearch_exporter" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.exporter | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.exporter | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
securityContext: {{ dict "envAll" $envAll "application" "elasticsearch_exporter" "container" "elasticsearch_exporter" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
allowPrivilegeEscalation: false
command: command:
- /tmp/elasticsearch-exporter.sh - /tmp/elasticsearch-exporter.sh
- start - start

9
elasticsearch/values.yaml
View File

@ -116,9 +116,14 @@ pod:
elasticsearch-data: localhost/docker-default elasticsearch-data: localhost/docker-default
elasticsearch-client: elasticsearch-client:
elasticsearch-client: localhost/docker-default elasticsearch-client: localhost/docker-default
user: security_context:
elasticsearch_exporter: elasticsearch_exporter:
uid: 99 pod:
runAsUser: 99
container:
elasticsearch_exporter:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
affinity: affinity:
anti: anti:
type: type: