elasticsearch-exporter: Add security context for exporter pod/container

This adds the security context snippet for the elasticsearch prometheus exporter container to set allowPrivilegeEscalation to false and readOnlyRootFilesystem to true Change-Id: Ia80aa9cfc837073fae0a884de5245764147d7ded
2019-04-01 16:51:34 -05:00 · 2019-04-01 16:51:34 -05:00 · f667804430
commit f667804430
parent 73dadd8899
2 changed files with 8 additions and 4 deletions
--- a/elasticsearch/templates/monitoring/prometheus/exporter-deployment.yaml
+++ b/elasticsearch/templates/monitoring/prometheus/exporter-deployment.yaml
@ -52,8 +52,7 @@ spec:
        - name: elasticsearch-exporter
 {{ tuple $envAll "prometheus_elasticsearch_exporter" | include "helm-toolkit.snippets.image" | indent 10 }}
 {{ tuple $envAll $envAll.Values.pod.resources.exporter | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
-          securityContext:
-            allowPrivilegeEscalation: false
+{{ dict "envAll" $envAll "application" "elasticsearch_exporter" "container" "elasticsearch_exporter" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
          command:
            - /tmp/elasticsearch-exporter.sh
            - start
--- a/elasticsearch/values.yaml
+++ b/elasticsearch/values.yaml
@ -116,9 +116,14 @@ pod:
      elasticsearch-data: localhost/docker-default
    elasticsearch-client:
      elasticsearch-client: localhost/docker-default
-  user:
+  security_context:
    elasticsearch_exporter:
-      uid: 99
+      pod:
+        runAsUser: 99
+      container:
+        elasticsearch_exporter:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
  affinity:
      anti:
        type: