From 55815e6f882f66d139c164f10451bc7a572f39df Mon Sep 17 00:00:00 2001
From: Edu-DevOps <77807323+Edu-DevOps@users.noreply.github.com>
Date: Wed, 21 Feb 2024 13:45:06 +0100
Subject: [PATCH] Feature/add containers security context field (#98)
* #96 Adding securityContext in the containers spec field to deployment templates
* #96 Adding securityContext in the containers spec field to deployment templates
---
 README.md | 4 ++++
 charts/terrakube/Chart.yaml | 2 +-
 charts/terrakube/templates/deployment-api.yaml | 4 ++++
 charts/terrakube/templates/deployment-executor.yaml | 4 ++++
 charts/terrakube/templates/deployment-openldap.yaml | 4 ++++
 charts/terrakube/templates/deployment-registry.yaml | 4 ++++
 charts/terrakube/templates/deployment-ui.yaml | 4 ++++
 charts/terrakube/values.yaml | 5 +++++
 8 files changed, 30 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 202f78b..9ab01d4 100644
--- a/README.md
+++ b/README.md
@@ -271,6 +271,7 @@ Once you have completed the above steps you can complete the file values.yaml to
 | api.properties.databaseUser | No | |
 | api.properties.databasePassword | No | |
 | api.securityContext | No | Fill securityContext field |
+| api.containerSecurityContext | No | Fill securityContext field in the container spec |
 | executor.enabled | Yes | true/false |
 | executor.version | Yes | Terrakube Executor version |
 | executor.replicaCount | Yes | |
@@ -282,6 +283,7 @@ Once you have completed the above steps you can complete the file values.yaml to
 | executor.properties.toolsRepository | Yes | Example: https://github.com/AzBuilder/terrakube-extensions |
 | executor.properties.toolsBranch | Yes | Example: main |
 | executor.securityContext | No | Fill securityContext field |
+| executor.containerSecurityContext | No | Fill securityContext field in the container spec |
 | registry.enabled | Yes | |
 | registry.version | Yes | |
 | registry.replicaCount | Yes | |
@@ -291,12 +293,14 @@ Once you have completed the above steps you can complete the file values.yaml to
 | registry.volumes | No | |
 | registry.volumeMounts | No | |
 | registry.securityContext | No | Fill securityContext field |
+| registry.containerSecurityContext | No | Fill securityContext field in the container spec |
 | ui.enabled | Yes | true/false |
 | ui.version | Yes | |
 | ui.replicaCount | Yes | |
 | ui.serviceAccountName | No | Kubernetes Service Account name |
 | ui.serviceType | Yes | ClusterIP/NodePort/LoadBalancer/ExternalName |
 | ui.securityContext | No | Fill securityContext field |
+| ui.containerSecurityContext | No | Fill securityContext field in the container spec |
 | ingress.ui.useTls | Yes | true/false |
 | ingress.ui.enabled | Yes | true/false |
 | ingress.ui.domain | Yes | |
diff --git a/charts/terrakube/Chart.yaml b/charts/terrakube/Chart.yaml
index d46fd57..6c92584 100644
--- a/charts/terrakube/Chart.yaml
+++ b/charts/terrakube/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.14.1
+version: 3.14.2
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/charts/terrakube/templates/deployment-api.yaml b/charts/terrakube/templates/deployment-api.yaml
index 08da985..538b0fa 100644
--- a/charts/terrakube/templates/deployment-api.yaml
+++ b/charts/terrakube/templates/deployment-api.yaml
@@ -57,6 +57,10 @@ spec:
 port: 8080
 initialDelaySeconds: 120
 periodSeconds: 10
+ {{- with .Values.api.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
 {{- with .Values.api.affinity }}
 affinity:
 {{- toYaml . | nindent 8 }}
diff --git a/charts/terrakube/templates/deployment-executor.yaml b/charts/terrakube/templates/deployment-executor.yaml
index 7418535..af53978 100644
--- a/charts/terrakube/templates/deployment-executor.yaml
+++ b/charts/terrakube/templates/deployment-executor.yaml
@@ -57,6 +57,10 @@ spec:
 port: 8090
 initialDelaySeconds: 120
 periodSeconds: 10
+ {{- with .Values.executor.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
 {{- with .Values.executor.affinity }}
 affinity:
 {{- toYaml . | nindent 8 }}
diff --git a/charts/terrakube/templates/deployment-openldap.yaml b/charts/terrakube/templates/deployment-openldap.yaml
index 92de56c..2bc6bfc 100644
--- a/charts/terrakube/templates/deployment-openldap.yaml
+++ b/charts/terrakube/templates/deployment-openldap.yaml
@@ -39,6 +39,10 @@ spec:
 mountPath: "/ldifs/config-ldap.ldif"
 subPath: "config-ldap.ldif"
 readOnly: true
+ {{- with .Values.executor.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
 volumes:
 - name: openldap-config
 secret:
diff --git a/charts/terrakube/templates/deployment-registry.yaml b/charts/terrakube/templates/deployment-registry.yaml
index 5e9618f..800834e 100644
--- a/charts/terrakube/templates/deployment-registry.yaml
+++ b/charts/terrakube/templates/deployment-registry.yaml
@@ -57,6 +57,10 @@ spec:
 port: 8075
 initialDelaySeconds: 120
 periodSeconds: 10
+ {{- with .Values.executor.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
 {{- with .Values.registry.affinity }}
 affinity:
 {{- toYaml . | nindent 8 }}
diff --git a/charts/terrakube/templates/deployment-ui.yaml b/charts/terrakube/templates/deployment-ui.yaml
index 97460ba..025d03f 100644
--- a/charts/terrakube/templates/deployment-ui.yaml
+++ b/charts/terrakube/templates/deployment-ui.yaml
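Review bot: The block added to deployment-openldap.yaml reads `.Values.executor.containerSecurityContext`, so the openldap `containerSecurityContext` key this commit adds in values.yaml is never rendered and the OpenLDAP container inherits whatever is set for the executor. The same copy-paste is in the deployment-registry.yaml and deployment-ui.yaml hunks, which leaves `registry.containerSecurityContext` and `ui.containerSecurityContext` (both documented in the README) silently ignored: hardening set there has no effect, and anything permissive set for the executor spreads to three other containers. Each `with` should name its own component, `{{- with .Values.registry.containerSecurityContext }}` and `{{- with .Values.ui.containerSecurityContext }}`; for openldap the path looks like `.Values.security.openldap.containerSecurityContext` from the values.yaml hunk context, which should be confirmed against the full file. The container specs start outside these hunks, so rendering the chart with distinct per-component values and checking the output would confirm the fix.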
@@ -36,6 +36,10 @@ spec:
 envFrom:
 - secretRef:
 name: terrakube-ui-secrets
+ {{- with .Values.executor.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
 {{- with .Values.ui.affinity }}
 affinity:
 {{- toYaml . | nindent 8 }}
diff --git a/charts/terrakube/values.yaml b/charts/terrakube/values.yaml
index 74f7c59..62117a4 100644
--- a/charts/terrakube/values.yaml
+++ b/charts/terrakube/values.yaml
@@ -17,6 +17,7 @@ security:
 openldap:
 podLabels: {}
 securityContext: {}
+ containerSecurityContext: {}
 ## Dex
 dex:
@@ -173,6 +174,7 @@ api:
 loadSampleData: true
 terraformReleasesUrl: "https://releases.hashicorp.com/terraform/index.json"
 securityContext: {}
+ containerSecurityContext: {}
 cache:
 moduleCacheMaxTotal: "128"
 moduleCacheMaxIdle: "128"
@@ -210,6 +212,7 @@ executor:
 toolsRepository: "https://github.com/AzBuilder/terrakube-extensions"
 toolsBranch: "main"
 securityContext: {}
+ containerSecurityContext: {}
 ## Registry properties
 registry:
 enabled: true
@@ -221,6 +224,7 @@ registry:
 resources: {}
 podLabels: {}
 securityContext: {}
+ containerSecurityContext: {}
 ## UI Properties
 ui:
@@ -233,6 +237,7 @@ ui:
 resources: {}
 podLabels: {}
 securityContext: {}
+ containerSecurityContext: {}
 ## Ingress properties
 ingress:
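Review bot: The five `containerSecurityContext: {}` defaults added in values.yaml carry no comment, and because an empty map makes the templates' `with` block render nothing, a default install still runs every container without a container-level securityContext. I would put a comment above each key, e.g. `# Container-level securityContext; empty renders nothing. Example: allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, capabilities: {drop: [ALL]}`, so operators can see what the field is for and what a hardened value looks like. Whether each image tolerates a read-only root filesystem or dropped capabilities is not visible in this diff and would need testing per component before any of that became a default.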