From 2e811d79587440f45591530eb017bbe2491d087e Mon Sep 17 00:00:00 2001
From: Javier Ramirez
Date: Tue, 31 May 2022 15:48:13 +0200
Subject: [PATCH 1/4] Added securityContext options for secure environments

Added securityContext options for secure environments where Pods execution requires non-root user definition.
---
 .../templates/mattermost-operator/deployment.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/charts/mattermost-operator/templates/mattermost-operator/deployment.yaml b/charts/mattermost-operator/templates/mattermost-operator/deployment.yaml
index 01105730..7c9740b3 100644
--- a/charts/mattermost-operator/templates/mattermost-operator/deployment.yaml
+++ b/charts/mattermost-operator/templates/mattermost-operator/deployment.yaml
@@ -26,6 +26,8 @@ spec:
 app.kubernetes.io/managed-by: {{ .Release.Service }}
 app.kubernetes.io/instance: {{ .Release.Name }}
 spec:
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
 containers:
 - args:
 {{- if .Values.mattermostOperator.args }}
@@ -41,6 +43,8 @@ spec:
 image: "{{ .Values.mattermostOperator.image.repository }}:{{ .Values.mattermostOperator.image.tag }}"
 imagePullPolicy: "{{ .Values.mattermostOperator.image.pullPolicy }}"
 name: {{ template "mattermost-operator.name" . }}
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
 serviceAccountName: {{ template "mattermost-operator.name" . }}
 {{- if .Values.mattermostOperator.privateRegistry.enabled }}
 imagePullSecrets:

From a25fb74c4db2ff0f0b90af3f6d80e867b913d486 Mon Sep 17 00:00:00 2001
From: Javier Ramirez
Date: Tue, 31 May 2022 15:50:26 +0200
Subject: [PATCH 2/4] Added example working securityContext for mattermost-operator.

Added example working securityContext for mattermost-operator.
---
 charts/mattermost-operator/values.yaml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/charts/mattermost-operator/values.yaml b/charts/mattermost-operator/values.yaml
index 8fe76f97..d25a785a 100644
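Review bot: Both new `securityContext:` keys in deployment.yaml (the pod-level one in the `@@ -26,6 +26,8 @@` hunk and the container-level one in the `@@ -41,6 +43,8 @@` hunk) are emitted unconditionally. A release whose values lack `podSecurityContext` or `securityContext`, for example an upgrade that reuses older values, would presumably render `securityContext: null`. Guarding each block keeps the manifest clean and makes the setting truly optional: open with `{{- with .Values.podSecurityContext }}`, render `{{- toYaml . | nindent 8 }}` under the key, and close with `{{- end }}`. The enclosing pod spec starts and ends outside the hunk.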
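Review bot: In the `@@ -41,6 +43,8 @@` hunk the container block reads the top-level `.Values.securityContext`, whereas every other operator setting visible in this template lives under `.Values.mattermostOperator.*` (args, image, privateRegistry). The chart's values also carry a `mysqlOperator` section, so a top-level key does not say which workload it hardens. Nesting it, e.g. `{{- toYaml .Values.mattermostOperator.securityContext | nindent 12 }}` (and likewise for the pod-level key), would keep the scope unambiguous. The container definition continues outside the hunk.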
--- a/charts/mattermost-operator/values.yaml
+++ b/charts/mattermost-operator/values.yaml
@@ -147,3 +147,18 @@ mysqlOperator:
 topology:
 user: "b3JjaGVzdHJhdG9y"
 password: "Nnc2NHBhaGJzUA=="
+
+
+podSecurityContext:
+ runAsUser: 10001
+ runAsGroup: 10001
+ fsGroup: 10001
+
+securityContext:
+# capabilities:
+# drop:
+# - ALL
+# readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 10001
+ runAsGroup: 10001

From c19129b17b3696bbb1a11d4023c64ea48267cfb5 Mon Sep 17 00:00:00 2001
From: Javier Ramirez
Date: Wed, 24 Aug 2022 09:29:35 +0200
Subject: [PATCH 3/4] Update Chart.yaml
---
 charts/mattermost-operator/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/mattermost-operator/Chart.yaml b/charts/mattermost-operator/Chart.yaml
index 3096e2f2..a1e64634 100644
--- a/charts/mattermost-operator/Chart.yaml
+++ b/charts/mattermost-operator/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: mattermost-operator
 description: A Helm chart for Mattermost Operator
 type: application
-version: 0.3.1
+version: 0.3.2
 appVersion: 1.18.0
 keywords:
 - operator

From 44b8446316407039690719794a08897b0554b7ed Mon Sep 17 00:00:00 2001
From: Javier Ramirez
Date: Thu, 20 Oct 2022 08:43:20 +0200
Subject: [PATCH 4/4] Update Chart.yaml

Chart release changed to 0.3.3 to include security context changes.
---
 charts/mattermost-operator/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/mattermost-operator/Chart.yaml b/charts/mattermost-operator/Chart.yaml
index a1e64634..426ac301 100644
--- a/charts/mattermost-operator/Chart.yaml
+++ b/charts/mattermost-operator/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: mattermost-operator
 description: A Helm chart for Mattermost Operator
 type: application
-version: 0.3.2
+version: 0.3.3
 appVersion: 1.18.0
 keywords:
 - operator
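Review bot: The default container `securityContext` added to values.yaml (hunk `@@ -147,3 +147,18 @@`) sets only the run-as fields: `capabilities.drop: [ALL]` and `readOnlyRootFilesystem: true` are left commented out, and `allowPrivilegeEscalation: false` is absent. A cluster enforcing the restricted Pod Security Standard would therefore likely still reject the pod. If the operator image tolerates it, enable the commented lines and add `allowPrivilegeEscalation: false` and `seccompProfile: {type: RuntimeDefault}`; otherwise add a comment stating why they stay disabled. The fixed UID/GID 10001 also deserves a comment, since platforms that assign per-namespace UID ranges (OpenShift's restricted SCC, for instance) may refuse an explicit `runAsUser` outside that range.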