Skip to content

Commit

Permalink
OPSEXP-2502 Add required security context to adf app chart (#235)
Browse files Browse the repository at this point in the history
  • Loading branch information
gionn authored Feb 28, 2024
1 parent 0549b5c commit 498053b
Show file tree
Hide file tree
Showing 6 changed files with 16 additions and 9 deletions.
6 changes: 3 additions & 3 deletions charts/alfresco-adf-app/Chart.lock
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
dependencies:
- name: alfresco-common
repository: https://alfresco.github.io/alfresco-helm-charts/
version: 3.1.0
digest: sha256:9c28428c3dce7c46decd859744075a51482adc21b4c21427840695fcaa23039d
generated: "2024-02-15T18:04:01.787711+01:00"
version: 3.1.2
digest: sha256:230deb46616c8921522dc68470ba18d8d445b931e8eb49ba09d4d3042732a24b
generated: "2024-02-28T10:02:05.315617+01:00"
4 changes: 2 additions & 2 deletions charts/alfresco-adf-app/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,8 +2,8 @@ apiVersion: v2
name: alfresco-adf-app
description: A generic Alfresco Development Framework Helm chart for Kubernetes
type: application
version: 0.1.0-alpha.0
version: 0.1.0-alpha.1
dependencies:
- name: alfresco-common
version: 3.1.0
version: 3.1.2
repository: https://alfresco.github.io/alfresco-helm-charts/
7 changes: 4 additions & 3 deletions charts/alfresco-adf-app/README.md
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
# alfresco-adf-app

![Version: 0.1.0-alpha.0](https://img.shields.io/badge/Version-0.1.0--alpha.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
![Version: 0.1.0-alpha.1](https://img.shields.io/badge/Version-0.1.0--alpha.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)

A generic Alfresco Development Framework Helm chart for Kubernetes

Expand All @@ -10,7 +10,7 @@ Checkout [alfresco-content-services chart's doc](https://github.com/Alfresco/acs

| Repository | Name | Version |
|------------|------|---------|
| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 3.1.0 |
| https://alfresco.github.io/alfresco-helm-charts/ | alfresco-common | 3.1.2 |

## Values

Expand All @@ -35,7 +35,8 @@ Checkout [alfresco-content-services chart's doc](https://github.com/Alfresco/acs
| nodeSelector | object | `{}` | |
| podAnnotations | object | `{}` | |
| podLabels | object | `{}` | |
| podSecurityContext | object | `{}` | |
| podSecurityContext.runAsNonRoot | bool | `true` | |
| podSecurityContext.runAsUser | int | `101` | Retrocompat with Activiti Common chart |
| replicaCount | int | `1` | |
| resources.limits.cpu | string | `"100m"` | |
| resources.limits.memory | string | `"128Mi"` | |
Expand Down
1 change: 1 addition & 0 deletions charts/alfresco-adf-app/templates/_helpers.tpl
Original file line number Diff line number Diff line change
Expand Up @@ -40,6 +40,7 @@ helm.sh/chart: {{ include "alfresco-adf-app.chart" . }}
app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
{{- end }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
app.kubernetes.io/component: {{ .Chart.Name }}
{{- end }}

{{/*
Expand Down
2 changes: 2 additions & 0 deletions charts/alfresco-adf-app/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ metadata:
name: {{ include "alfresco-adf-app.fullname" . }}
labels:
{{- include "alfresco-adf-app.labels" . | nindent 4 }}
annotations:
checkov.io/skip1: CKV_K8S_40=older docker images requires specific uid
spec:
replicas: {{ .Values.replicaCount }}
selector:
Expand Down
5 changes: 4 additions & 1 deletion charts/alfresco-adf-app/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,10 @@ serviceAccount:
podAnnotations: {}
podLabels: {}

podSecurityContext: {}
podSecurityContext:
# -- Retrocompat with Activiti Common chart
runAsUser: 101
runAsNonRoot: true

securityContext: {}

Expand Down

0 comments on commit 498053b

Please sign in to comment.