
Commit 342916b

authored
fix: nest .Values.seccompProfile.enable and .Values.securityContext.enabled correctly (#2874)
* fix: set securityContext only in case of opt-in * fix: nesting of secCompProfile and securityContext
1 parent f5d62b0 commit 342916b

12 files changed

+14
-10
lines changed

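--- a/helm-chart/templates/adservice.yaml
+++ b/helm-chart/templates/adservice.yaml
@@ -55,11 +55,11 @@ spec:
 runAsGroup: 1000
 runAsNonRoot: true
 runAsUser: 1000
-{{- end }}
 {{- if .Values.seccompProfile.enable }}
 seccompProfile:
 type: {{ .Values.seccompProfile.type }}
 {{- end }}
+{{- end }}
 containers:
 - name: server
 securityContext: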
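Review bot: With the closing `{{- end }}` moved below the seccompProfile block, `seccompProfile.enable: true` has no effect unless the outer guard is also true, and nothing in the template says so. The outer `if` opens outside this hunk; going by the commit title it is the securityContext guard, so an operator who sets only the seccomp flag would get a pod with no seccomp profile and no warning. A comment above the inner guard such as `{{- /* rendered only when .Values.securityContext.enable is also true */}}` would document the dependency, and a render-time check with Helm's `fail` for that combination would surface it. The same applies to the identical hunks in cartservice, checkoutservice, currencyservice, emailservice, frontend, loadgenerator, productcatalogservice and shippingservice.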

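--- a/helm-chart/templates/cartservice.yaml
+++ b/helm-chart/templates/cartservice.yaml
@@ -237,11 +237,11 @@ spec:
 runAsGroup: 1000
 runAsNonRoot: true
 runAsUser: 1000
-{{- end }}
 {{- if .Values.seccompProfile.enable }}
 seccompProfile:
 type: {{ .Values.seccompProfile.type }}
 {{- end }}
+{{- end }}
 containers:
 - name: redis
 securityContext: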

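--- a/helm-chart/templates/checkoutservice.yaml
+++ b/helm-chart/templates/checkoutservice.yaml
@@ -54,11 +54,11 @@ spec:
 runAsGroup: 1000
 runAsNonRoot: true
 runAsUser: 1000
-{{- end }}
 {{- if .Values.seccompProfile.enable }}
 seccompProfile:
 type: {{ .Values.seccompProfile.type }}
 {{- end }}
+{{- end }}
 containers:
 - name: server
 securityContext: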

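--- a/helm-chart/templates/currencyservice.yaml
+++ b/helm-chart/templates/currencyservice.yaml
@@ -55,11 +55,11 @@ spec:
 runAsGroup: 1000
 runAsNonRoot: true
 runAsUser: 1000
-{{- end }}
 {{- if .Values.seccompProfile.enable }}
 seccompProfile:
 type: {{ .Values.seccompProfile.type }}
 {{- end }}
+{{- end }}
 containers:
 - name: server
 securityContext: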

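--- a/helm-chart/templates/emailservice.yaml
+++ b/helm-chart/templates/emailservice.yaml
@@ -55,11 +55,11 @@ spec:
 runAsGroup: 1000
 runAsNonRoot: true
 runAsUser: 1000
-{{- end }}
 {{- if .Values.seccompProfile.enable }}
 seccompProfile:
 type: {{ .Values.seccompProfile.type }}
 {{- end }}
+{{- end }}
 containers:
 - name: server
 securityContext: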

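--- a/helm-chart/templates/frontend.yaml
+++ b/helm-chart/templates/frontend.yaml
@@ -56,11 +56,11 @@ spec:
 runAsGroup: 1000
 runAsNonRoot: true
 runAsUser: 1000
-{{- end }}
 {{- if .Values.seccompProfile.enable }}
 seccompProfile:
 type: {{ .Values.seccompProfile.type }}
 {{- end }}
+{{- end }}
 containers:
 - name: server
 securityContext: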

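--- a/helm-chart/templates/loadgenerator.yaml
+++ b/helm-chart/templates/loadgenerator.yaml
@@ -59,11 +59,11 @@ spec:
 runAsGroup: 1000
 runAsNonRoot: true
 runAsUser: 1000
-{{- end }}
 {{- if .Values.seccompProfile.enable }}
 seccompProfile:
 type: {{ .Values.seccompProfile.type }}
 {{- end }}
+{{- end }}
 {{- if .Values.loadGenerator.checkFrontendInitContainer }}
 initContainers:
 - command: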

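--- a/helm-chart/templates/opentelemetry-collector.yaml
+++ b/helm-chart/templates/opentelemetry-collector.yaml
@@ -47,6 +47,7 @@ spec:
 {{- else }}
 serviceAccountName: default
 {{- end }}
+{{- if .Values.securityContext.enable }}
 securityContext:
 fsGroup: 1000
 runAsGroup: 1000
@@ -56,6 +57,7 @@ spec:
 seccompProfile:
 type: {{ .Values.seccompProfile.type }}
 {{- end }}
+{{- end }}
 {{- if eq .Values.opentelemetryCollector.projectId "PROJECT_ID" }}
 initContainers:
 # Init container retrieves the current cloud project id from the metadata server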
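Review bot: The added guard `{{- if .Values.securityContext.enable }}` reads the key `enable`, while the commit title names it `.Values.securityContext.enabled`. A values file written from the title would probably leave the guard false without any error, and this pod would silently lose `fsGroup`, `runAsGroup` and the seccomp profile. A comment above the guard, e.g. `{{- /* pod securityContext is opt-in via .Values.securityContext.enable */}}`, would make the key name explicit; a `values.schema.json` that rejects unknown keys under `securityContext` would catch the misspelling at install time. values.yaml is not shown on this page, so the key name and its default there should be confirmed. The same guard is added in paymentservice.yaml.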

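--- a/helm-chart/templates/paymentservice.yaml
+++ b/helm-chart/templates/paymentservice.yaml
@@ -49,6 +49,7 @@ spec:
 serviceAccountName: default
 {{- end }}
 terminationGracePeriodSeconds: 5
+{{- if .Values.securityContext.enable }}
 securityContext:
 fsGroup: 1000
 runAsGroup: 1000
@@ -58,6 +59,7 @@ spec:
 seccompProfile:
 type: {{ .Values.seccompProfile.type }}
 {{- end }}
+{{- end }}
 containers:
 - name: server
 securityContext: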

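--- a/helm-chart/templates/productcatalogservice.yaml
+++ b/helm-chart/templates/productcatalogservice.yaml
@@ -55,11 +55,11 @@ spec:
 runAsGroup: 1000
 runAsNonRoot: true
 runAsUser: 1000
-{{- end }}
 {{- if .Values.seccompProfile.enable }}
 seccompProfile:
 type: {{ .Values.seccompProfile.type }}
 {{- end }}
+{{- end }}
 containers:
 - name: server
 securityContext: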

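--- a/helm-chart/templates/recommendationservice.yaml
+++ b/helm-chart/templates/recommendationservice.yaml
@@ -55,12 +55,12 @@ spec:
 runAsGroup: 1000
 runAsNonRoot: true
 runAsUser: 1000
-{{- end }}
 {{- if .Values.seccompProfile.enable }}
 seccompProfile:
 type: {{ .Values.seccompProfile.type }}
 {{- end }}
 containers:
+{{- end }}
 - name: server
 securityContext:
 allowPrivilegeEscalation: false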
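Review bot: In this file the added `{{- end }}` lands after `containers:` instead of before it, unlike every other template in the commit, so the `containers:` key now sits inside the conditional. The enclosing `if` opens outside the hunk; if it is the securityContext guard, rendering with `securityContext.enable: false` would drop `containers:` and leave `- name: server` attached to whatever key precedes it, giving an invalid or wrong Deployment. The two lines should be swapped so that `{{- end }}` comes first and `containers:` follows it. Running `helm template` with the flag off and validating the output would confirm the fix.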

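--- a/helm-chart/templates/shippingservice.yaml
+++ b/helm-chart/templates/shippingservice.yaml
@@ -54,11 +54,11 @@ spec:
 runAsGroup: 1000
 runAsNonRoot: true
 runAsUser: 1000
-{{- end }}
 {{- if .Values.seccompProfile.enable }}
 seccompProfile:
 type: {{ .Values.seccompProfile.type }}
 {{- end }}
+{{- end }}
 containers:
 - name: server
 securityContext: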
