fix securtiyContext

kubeshop · Nov 8, 2024 · b6d968c · b6d968c
1 parent 9fee258
commit b6d968c
Show file tree

Hide file tree

Showing 13 changed files with 30 additions and 45 deletions.
diff --git a/charts/testkube-cloud-api/templates/deployment.yaml b/charts/testkube-cloud-api/templates/deployment.yaml
@@ -28,15 +28,13 @@ spec:
         {{- toYaml .Values.imagePullSecrets | nindent 8 }}
       {{- end }}
       serviceAccountName: {{ include "testkube-cloud-api.serviceAccountName" . }}
-      securityContext:
-        {{ include "testkube-cloud-api.podSecurityContext" . | trim }}
+      securityContext: {{ include "testkube-cloud-api.podSecurityContext" . | nindent 8 }}
       {{- if .Values.init.enabled }}
       initContainers:
         - name: wait-for-mongo
           image: {{ include "testkube-cloud-api.init-mongo-image" . }}
           imagePullPolicy: {{ .Values.init.mongo.image.pullPolicy }}
-          securityContext:
-            {{ include "init-wait-for-mongo.containerSecurityContext" . | trim }}
+          securityContext: {{ include "init-wait-for-mongo.containerSecurityContext" . | nindent 12 }}
           command: ["/bin/sh", "-c"]
           args:
             - |
@@ -58,8 +56,7 @@ spec:
       {{- end }}
       containers:
         - name: {{ .Chart.Name }}
-          securityContext:
-            {{ include "testkube-cloud-api.containerSecurityContext" . | trim }}
+          securityContext: {{ include "testkube-cloud-api.containerSecurityContext" . | nindent 12 }}
           image: {{ include "testkube-api.image" . }}
           imagePullPolicy: {{ .Values.global.imagePullPolicy | default .Values.image.pullPolicy }}
           env:

diff --git a/charts/testkube-cloud-api/templates/migrations-job.yaml b/charts/testkube-cloud-api/templates/migrations-job.yaml
@@ -32,14 +32,12 @@ spec:
         {{- toYaml .Values.imagePullSecrets | nindent 8 }}
       {{- end }}
       serviceAccountName: {{ include "testkube-cloud-api.serviceAccountName" . }}
-      securityContext:
-        {{ include "testkube-cloud-api.podSecurityContext" . | trim }}
+      securityContext: {{ include "testkube-cloud-api.podSecurityContext" . | nindent 8 }}
       {{- if .Values.init.enabled }}
       initContainers:
         - name: wait-for-mongo
           image: {{ include "testkube-cloud-api.init-mongo-image" . }}
-          securityContext:
-            {{ include "init-wait-for-mongo.containerSecurityContext" . | trim}}
+          securityContext: {{ include "init-wait-for-mongo.containerSecurityContext" . | nindent 12 }}
           command: ["/bin/sh", "-c"]
           args:
             - |
@@ -62,8 +60,7 @@ spec:
       containers:
         - name: migrations
           image: {{ include "testkube-api.image" . }}
-          securityContext:
-            {{ include "testkube-cloud-api.containerSecurityContext" . | trim  }}
+          securityContext: {{ include "testkube-cloud-api.containerSecurityContext" . | nindent 12 }}
           args: ["migrate"]
           env:
             - name: ENTERPRISE_MODE

diff --git a/charts/testkube-cloud-ui/templates/deployment.yaml b/charts/testkube-cloud-ui/templates/deployment.yaml
@@ -28,12 +28,10 @@ spec:
         {{- toYaml .Values.imagePullSecrets | nindent 8 }}
       {{- end }}
       serviceAccountName: {{ include "testkube-cloud-ui.serviceAccountName" . }}
-      securityContext:
-        {{ include "testkube-cloud-ui.podSecurityContext" . | trim }}
+      securityContext: {{ include "testkube-cloud-ui.podSecurityContext" . | nindent 8 }}
       containers:
         - name: {{ .Chart.Name }}
-          securityContext:
-            {{ include "testkube-cloud-ui.containerSecurityContext" . | trim }}
+          securityContext: {{ include "testkube-cloud-ui.containerSecurityContext" . | nindent 12 }}
           image: {{ include "testkube-dashboard.image" . }}
           imagePullPolicy: {{ .Values.global.imagePullPolicy | default .Values.image.pullPolicy }}
           ports:

diff --git a/charts/testkube-enterprise/Chart.lock b/charts/testkube-enterprise/Chart.lock
@@ -16,15 +16,15 @@ dependencies:
   version: 2.1.81
 - name: dex
   repository: file://./charts/dex
-  version: 0.19.1-4
+  version: 0.19.1-5
 - name: mongodb
   repository: https://charts.bitnami.com/bitnami
   version: 15.6.16
 - name: nats
   repository: file://./charts/nats
-  version: 1.2.6-2
+  version: 1.2.6-3
 - name: minio
   repository: https://charts.bitnami.com/bitnami
   version: 14.7.0
-digest: sha256:17bf730828203280f9c9363f0bd11a4da94b913d56bb9607fc7f23be83bd338b
-generated: "2024-11-08T08:37:06.655613012Z"
+digest: sha256:78b39190123a22dba8130cd9a15fd37f8ec76b5ec89ba494488ab22d6586d868
+generated: "2024-11-08T12:43:15.633902+02:00"
diff --git a/charts/testkube-enterprise/Chart.yaml b/charts/testkube-enterprise/Chart.yaml
@@ -22,7 +22,7 @@ dependencies:
     repository: https://kubeshop.github.io/helm-charts
     condition: testkube-agent.enabled
   - name: dex
-    version: 0.19.1-4
+    version: 0.19.1-5
     repository: file://./charts/dex
     condition: dex.enabled
   - name: mongodb
@@ -31,7 +31,7 @@ dependencies:
     condition: mongodb.enabled
   - name: nats
     condition: testkube-api.nats.enabled
-    version: 1.2.6-2
+    version: 1.2.6-3
     repository: "file://./charts/nats"
   - name: minio
     version: 14.7.0

diff --git a/charts/testkube-enterprise/charts/dex/Chart.yaml b/charts/testkube-enterprise/charts/dex/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 type: application
 name: dex
-version: 0.19.1-4
+version: 0.19.1-5
 appVersion: "2.41.1"
 kubeVersion: ">=1.14.0-0"
 description: OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors.

diff --git a/charts/testkube-enterprise/charts/dex/templates/deployment.yaml b/charts/testkube-enterprise/charts/dex/templates/deployment.yaml
@@ -46,16 +46,14 @@ spec:
       {{- with .Values.priorityClassName }}
       priorityClassName: {{ . | quote }}
       {{- end }}
-      securityContext:
-        {{ include "dex.podSecurityContext" . | trim }}
+      securityContext: {{ include "dex.podSecurityContext" . | nindent 8 }}
       {{- with .Values.hostAliases }}
       hostAliases:
         {{- toYaml . | nindent 8 }}
       {{- end }}
       containers:
         - name: {{ .Chart.Name }}
-          securityContext:
-            {{ include "dex.containerSecurityContext" . | trim }}
+          securityContext: {{ include "dex.containerSecurityContext" . | nindent 12 }}
           {{- include "dex.image" . | nindent 10 }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           args:

diff --git a/charts/testkube-enterprise/charts/nats/Chart.yaml b/charts/testkube-enterprise/charts/nats/Chart.yaml
@@ -6,7 +6,7 @@ keywords:
 - nats
 - messaging
 - cncf
-version: 1.2.6-2
+version: 1.2.6-3
 home: http://github.com/nats-io/k8s
 maintainers:
 - email: [email protected]

diff --git a/charts/testkube-enterprise/charts/nats/files/stateful-set/reloader-container.yaml b/charts/testkube-enterprise/charts/nats/files/stateful-set/reloader-container.yaml
@@ -28,4 +28,4 @@ volumeMounts:
 
 
 securityContext:
-  {{- include "nats.containerSecurityContext" $ | nindent 6 }}
+  {{- include "nats.containerSecurityContext" $ | nindent 4 }}
diff --git a/charts/testkube-enterprise/templates/shared-secrets/job.yaml b/charts/testkube-enterprise/templates/shared-secrets/job.yaml
@@ -10,8 +10,7 @@ metadata:
 spec:
   template:
     spec:
-      securityContext:
-        {{ include "sharedSecretGenerator.podSecurityContext" . | trim }}
+      securityContext: {{ include "sharedSecretGenerator.podSecurityContext" . | nindent 8 }}
       serviceAccountName: testkube-secret-generator
       restartPolicy: Never
       containers:
@@ -21,8 +20,7 @@ spec:
           volumeMounts:
             - name: scripts
               mountPath: /scripts
-          securityContext:
-            {{ include "sharedSecretGenerator.containerSecurityContext" . | trim }}
+          securityContext: {{ include "sharedSecretGenerator.containerSecurityContext" . | nindent 12 }}
           resources:
             {{- toYaml .Values.sharedSecretGenerator.resources | nindent 12 }}
       volumes:

diff --git a/charts/testkube-enterprise/values.yaml b/charts/testkube-enterprise/values.yaml
@@ -94,9 +94,11 @@ global:
   # -- Toggle whether to globally skip certificate verification
   #skipVerify: true
   # -- Global security Context for all containers, except for MongoDB and MinIo. Container security context for them needs to be provided separately.
-  containerSecurityContext: {}
+  containerSecurityContext:
+    jfdj: ddd
   # -- Global security Context for all pods, except for MongoDB and MinIo. Pod security Context for them needs to be provided separately.
-  podSecurityContext: {}
+  podSecurityContext:
+    ggg: ggg
 # Testkube requires a variety of secrets to operate.
 # Any secret not provided manually will be automatically generated with a random value by the shared secret job.
 sharedSecretGenerator:

diff --git a/charts/testkube-logs-service/templates/deployment.yaml b/charts/testkube-logs-service/templates/deployment.yaml
@@ -28,12 +28,10 @@ spec:
         {{- toYaml .Values.imagePullSecrets | nindent 8 }}
       {{- end }}
       serviceAccountName: {{ include "testkube-log-service.serviceAccountName" . }}
-      securityContext:
-        {{ include "testkube-logs-service.podSecurityContext" . | trim }}
+      securityContext: {{ include "testkube-logs-service.podSecurityContext" . | nindent 8 }}
       containers:
         - name: {{ .Chart.Name }}
-          securityContext:
-            {{ include "testkube-logs-service.containerSecurityContext" . | trim }}
+          securityContext: {{ include "testkube-logs-service.containerSecurityContext" . | nindent 12 }}
           image: {{ include "testkube-logs.image" . }}
           imagePullPolicy: {{ .Values.global.imagePullPolicy | default .Values.image.pullPolicy }}
           env:

diff --git a/charts/testkube-worker-service/templates/deployment.yaml b/charts/testkube-worker-service/templates/deployment.yaml
@@ -28,13 +28,11 @@ spec:
         {{- toYaml .Values.imagePullSecrets | nindent 8 }}
       {{- end }}
       serviceAccountName: {{ include "testkube-worker-service.serviceAccountName" . }}
-      securityContext:
-        {{ include "testkube-worker-service.podSecurityContext" . | trim }}
+      securityContext: {{ include "testkube-worker-service.podSecurityContext" . | nindent 8 }}
       initContainers:
         - name: wait-for-mongo
           image: {{ include "testkube-worker.init-mongo-image" . }}
-          securityContext:
-            {{ include "init-wait-for-mongo.containerSecurityContext" . | trim }}
+          securityContext: {{ include "init-wait-for-mongo.containerSecurityContext" . | nindent 12 }}
           command: ["/bin/sh", "-c"]
           args:
             - |
@@ -55,8 +53,7 @@ spec:
               {{- end }}
       containers:
         - name: {{ .Chart.Name }}
-          securityContext:
-            {{ include "testkube-worker-service.containerSecurityContext" . | trim }}
+          securityContext: {{ include "testkube-worker-service.containerSecurityContext" . | nindent 12 }}
           image: {{ include "testkube-worker.image" . }}
           imagePullPolicy: {{ .Values.global.imagePullPolicy | default .Values.image.pullPolicy }}
           env: