Add missing security-context for ceph-rgw test pod

This updates the ceph-rgw chart to include the pod
security context on the pod template.

This also adds the container security context to set the
readOnlyRootFilesystem flag to true.

Change-Id: Ib6be059e387f1932a5655df07ae182f75f142538
KHIYANI, RAHUL (rk0850) 2020-07-14 11:09:41 -05:00 committed by Rahul Khiyani
parent b1fc699808
commit 774d85b77e
2 changed files with 4 additions and 0 deletions


@ -78,6 +78,7 @@ spec:
- name: ceph-rgw-s3-validation
{{ tuple $envAll "ceph_rgw" | include "helm-toolkit.snippets.image" | indent 6 }}
{{ tuple $envAll $envAll.Values.pod.resources.tests | include "helm-toolkit.snippets.kubernetes_resources" | indent 6 }}
{{ dict "envAll" $envAll "application" "rgw_test" "container" "ceph_rgw_s3_validation" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 6 }}
env:
{{- with $env := dict "s3AdminSecret" $envAll.Values.secrets.rgw_s3.admin }}
{{- include "helm-toolkit.snippets.rgw_s3_admin_env_vars" $env | indent 8 }}
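Review bot: The `helm-toolkit.snippets.kubernetes_container_security_context` include on the `ceph-rgw-s3-validation` container only takes effect if values define `ceph_rgw_s3_validation` under the `rgw_test` application's container map. As far as I know the helper emits nothing when that key path is missing, so a mismatch would silently leave the container without a `securityContext`. The values hunk in this commit adds the key, but its parent key is outside the visible context, so it is worth confirming on a rendered manifest (`helm template`) that `securityContext` actually appears on this container. The commit description also mentions a pod-level security context on the pod template, while the hunk header accounts for a single added line here; presumably the pod-level include already exists outside the hunk. The container spec continues past the end of the hunk.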


@ -99,6 +99,9 @@ pod:
ceph_rgw_ks_validation:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
ceph_rgw_s3_validation:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
bootstrap:
pod:
runAsUser: 65534
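Review bot: `readOnlyRootFilesystem: true` for `ceph_rgw_s3_validation` makes any write by the validation script outside a mounted volume fail, and the template hunk in this commit shows no volume mount being added alongside it. If the S3 validation script writes scratch files (for example under `/tmp`), the test pod needs a writable `emptyDir` mounted there; otherwise the helm test breaks at runtime rather than at render time. Once that is confirmed, a short comment above the block would help, e.g. `# rootfs is read-only; scratch space comes from emptyDir mounts`. The new entry matches the neighbouring `ceph_rgw_ks_validation` settings; neither sets `runAsNonRoot` or drops capabilities at container level, which may be covered at pod level outside this hunk.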