From 8bbe8452c2525f26313fe0134cbcfe9f183838ab Mon Sep 17 00:00:00 2001 From: Cliff Parsons Date: Thu, 28 Feb 2019 15:51:34 -0600 Subject: [PATCH] Implement Security Context for Memcached Implement a pod security context for the following Memcached resources: - Memcached server deployment Change-Id: I8628ceb246e7c435a2ddd20bf1bcecd94db8ea26 --- memcached/templates/deployment.yaml | 3 +-- memcached/values.yaml | 5 +++++ 2 files changed, 6 insertions(+), 2 deletions(-) diff --git a/memcached/templates/deployment.yaml b/memcached/templates/deployment.yaml index d691c84b0..0d55a0f4b 100644 --- a/memcached/templates/deployment.yaml +++ b/memcached/templates/deployment.yaml @@ -43,8 +43,7 @@ spec: labels: {{ tuple $envAll "memcached" "server" | include "helm-toolkit.snippets.kubernetes_metadata_labels" | indent 8 }} spec: - securityContext: - readOnlyRootFilesystem: true +{{ dict "envAll" $envAll "application" "server" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }} shareProcessNamespace: true serviceAccountName: {{ $rcControllerName | quote }} affinity: diff --git a/memcached/values.yaml b/memcached/values.yaml index 3ff5bfe3e..8dfcf5464 100644 --- a/memcached/values.yaml +++ b/memcached/values.yaml @@ -147,6 +147,11 @@ pod: user: memcached_exporter: uid: 65534 + server: + uid: 65534 + securityContext: + server: + readOnlyRootFilesystem: true affinity: anti: topologyKey: