From b6d968c7331605daba860df11f89640dd80e10db Mon Sep 17 00:00:00 2001 From: ypoplavs Date: Fri, 8 Nov 2024 12:44:38 +0200 Subject: [PATCH] fix securtiyContext --- charts/testkube-cloud-api/templates/deployment.yaml | 9 +++------ charts/testkube-cloud-api/templates/migrations-job.yaml | 9 +++------ charts/testkube-cloud-ui/templates/deployment.yaml | 6 ++---- charts/testkube-enterprise/Chart.lock | 8 ++++---- charts/testkube-enterprise/Chart.yaml | 4 ++-- charts/testkube-enterprise/charts/dex/Chart.yaml | 2 +- .../charts/dex/templates/deployment.yaml | 6 ++---- charts/testkube-enterprise/charts/nats/Chart.yaml | 2 +- .../nats/files/stateful-set/reloader-container.yaml | 2 +- .../templates/shared-secrets/job.yaml | 6 ++---- charts/testkube-enterprise/values.yaml | 6 ++++-- charts/testkube-logs-service/templates/deployment.yaml | 6 ++---- charts/testkube-worker-service/templates/deployment.yaml | 9 +++------ 13 files changed, 30 insertions(+), 45 deletions(-) diff --git a/charts/testkube-cloud-api/templates/deployment.yaml b/charts/testkube-cloud-api/templates/deployment.yaml index 0436ef5f7..6640b4bbe 100644 --- a/charts/testkube-cloud-api/templates/deployment.yaml +++ b/charts/testkube-cloud-api/templates/deployment.yaml @@ -28,15 +28,13 @@ spec: {{- toYaml .Values.imagePullSecrets | nindent 8 }} {{- end }} serviceAccountName: {{ include "testkube-cloud-api.serviceAccountName" . }} - securityContext: - {{ include "testkube-cloud-api.podSecurityContext" . | trim }} + securityContext: {{ include "testkube-cloud-api.podSecurityContext" . | nindent 8 }} {{- if .Values.init.enabled }} initContainers: - name: wait-for-mongo image: {{ include "testkube-cloud-api.init-mongo-image" . }} imagePullPolicy: {{ .Values.init.mongo.image.pullPolicy }} - securityContext: - {{ include "init-wait-for-mongo.containerSecurityContext" . | trim }} + securityContext: {{ include "init-wait-for-mongo.containerSecurityContext" . | nindent 12 }} command: ["/bin/sh", "-c"] args: - | 
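Review bot: The rewritten `securityContext: {{ include "testkube-cloud-api.podSecurityContext" . | nindent 8 }}` lines (and the `nindent 12` container variants) drop the `trim` the old form applied, so the rendered block now depends on each helper returning text with no leading or trailing whitespace; the helper definitions are outside this patch, so that is unverified here. Keeping the trim, e.g. `securityContext: {{- include "testkube-cloud-api.podSecurityContext" . | trim | nindent 8 }}`, makes the output independent of how the helper is written. It is also worth confirming with `helm template` that an empty helper result renders as a bare `securityContext:` (null) and a populated one as a correctly nested mapping, since an empty or silently dropped security context leaves the workload on cluster defaults. The same pattern recurs in the migrations-job, cloud-ui, dex, shared-secrets job, logs-service and worker-service hunks; the enclosing pod spec starts and ends outside this hunk.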
@@ -58,8 +56,7 @@ spec: {{- end }} containers: - name: {{ .Chart.Name }} - securityContext: - {{ include "testkube-cloud-api.containerSecurityContext" . | trim }} + securityContext: {{ include "testkube-cloud-api.containerSecurityContext" . | nindent 12 }} image: {{ include "testkube-api.image" . }} imagePullPolicy: {{ .Values.global.imagePullPolicy | default .Values.image.pullPolicy }} env: diff --git a/charts/testkube-cloud-api/templates/migrations-job.yaml b/charts/testkube-cloud-api/templates/migrations-job.yaml index cde40bd4c..ca0658296 100644 --- a/charts/testkube-cloud-api/templates/migrations-job.yaml +++ b/charts/testkube-cloud-api/templates/migrations-job.yaml @@ -32,14 +32,12 @@ spec: {{- toYaml .Values.imagePullSecrets | nindent 8 }} {{- end }} serviceAccountName: {{ include "testkube-cloud-api.serviceAccountName" . }} - securityContext: - {{ include "testkube-cloud-api.podSecurityContext" . | trim }} + securityContext: {{ include "testkube-cloud-api.podSecurityContext" . | nindent 8 }} {{- if .Values.init.enabled }} initContainers: - name: wait-for-mongo image: {{ include "testkube-cloud-api.init-mongo-image" . }} - securityContext: - {{ include "init-wait-for-mongo.containerSecurityContext" . | trim}} + securityContext: {{ include "init-wait-for-mongo.containerSecurityContext" . | nindent 12 }} command: ["/bin/sh", "-c"] args: - | @@ -62,8 +60,7 @@ spec: containers: - name: migrations image: {{ include "testkube-api.image" . }} - securityContext: - {{ include "testkube-cloud-api.containerSecurityContext" . | trim }} + securityContext: {{ include "testkube-cloud-api.containerSecurityContext" . | nindent 12 }} args: ["migrate"] env: - name: ENTERPRISE_MODE diff --git a/charts/testkube-cloud-ui/templates/deployment.yaml b/charts/testkube-cloud-ui/templates/deployment.yaml index b29bab456..380f075b6 100644 --- a/charts/testkube-cloud-ui/templates/deployment.yaml +++ b/charts/testkube-cloud-ui/templates/deployment.yaml 
@@ -28,12 +28,10 @@ spec: {{- toYaml .Values.imagePullSecrets | nindent 8 }} {{- end }} serviceAccountName: {{ include "testkube-cloud-ui.serviceAccountName" . }} - securityContext: - {{ include "testkube-cloud-ui.podSecurityContext" . | trim }} + securityContext: {{ include "testkube-cloud-ui.podSecurityContext" . | nindent 8 }} containers: - name: {{ .Chart.Name }} - securityContext: - {{ include "testkube-cloud-ui.containerSecurityContext" . | trim }} + securityContext: {{ include "testkube-cloud-ui.containerSecurityContext" . | nindent 12 }} image: {{ include "testkube-dashboard.image" . }} imagePullPolicy: {{ .Values.global.imagePullPolicy | default .Values.image.pullPolicy }} ports: diff --git a/charts/testkube-enterprise/Chart.lock b/charts/testkube-enterprise/Chart.lock index 10ba466ea..70a40fd78 100644 --- a/charts/testkube-enterprise/Chart.lock +++ b/charts/testkube-enterprise/Chart.lock @@ -16,15 +16,15 @@ dependencies: version: 2.1.81 - name: dex repository: file://./charts/dex - version: 0.19.1-4 + version: 0.19.1-5 - name: mongodb repository: https://charts.bitnami.com/bitnami version: 15.6.16 - name: nats repository: file://./charts/nats - version: 1.2.6-2 + version: 1.2.6-3 - name: minio repository: https://charts.bitnami.com/bitnami version: 14.7.0 -digest: sha256:17bf730828203280f9c9363f0bd11a4da94b913d56bb9607fc7f23be83bd338b -generated: "2024-11-08T08:37:06.655613012Z" +digest: sha256:78b39190123a22dba8130cd9a15fd37f8ec76b5ec89ba494488ab22d6586d868 +generated: "2024-11-08T12:43:15.633902+02:00" diff --git a/charts/testkube-enterprise/Chart.yaml b/charts/testkube-enterprise/Chart.yaml index 233c33c2a..b54a5fc6f 100644 --- a/charts/testkube-enterprise/Chart.yaml +++ b/charts/testkube-enterprise/Chart.yaml @@ -22,7 +22,7 @@ dependencies: repository: https://kubeshop.github.io/helm-charts condition: testkube-agent.enabled - name: dex - version: 0.19.1-4 + version: 0.19.1-5 repository: file://./charts/dex condition: dex.enabled - name: mongodb 
@@ -31,7 +31,7 @@ dependencies: condition: mongodb.enabled - name: nats condition: testkube-api.nats.enabled - version: 1.2.6-2 + version: 1.2.6-3 repository: "file://./charts/nats" - name: minio version: 14.7.0 diff --git a/charts/testkube-enterprise/charts/dex/Chart.yaml b/charts/testkube-enterprise/charts/dex/Chart.yaml index 3085664f2..85885fa3d 100644 --- a/charts/testkube-enterprise/charts/dex/Chart.yaml +++ b/charts/testkube-enterprise/charts/dex/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 type: application name: dex -version: 0.19.1-4 +version: 0.19.1-5 appVersion: "2.41.1" kubeVersion: ">=1.14.0-0" description: OpenID Connect (OIDC) identity and OAuth 2.0 provider with pluggable connectors. diff --git a/charts/testkube-enterprise/charts/dex/templates/deployment.yaml b/charts/testkube-enterprise/charts/dex/templates/deployment.yaml index 4b5ca817e..325a7cca5 100644 --- a/charts/testkube-enterprise/charts/dex/templates/deployment.yaml +++ b/charts/testkube-enterprise/charts/dex/templates/deployment.yaml @@ -46,16 +46,14 @@ spec: {{- with .Values.priorityClassName }} priorityClassName: {{ . | quote }} {{- end }} - securityContext: - {{ include "dex.podSecurityContext" . | trim }} + securityContext: {{ include "dex.podSecurityContext" . | nindent 8 }} {{- with .Values.hostAliases }} hostAliases: {{- toYaml . | nindent 8 }} {{- end }} containers: - name: {{ .Chart.Name }} - securityContext: - {{ include "dex.containerSecurityContext" . | trim }} + securityContext: {{ include "dex.containerSecurityContext" . | nindent 12 }} {{- include "dex.image" . | nindent 10 }} imagePullPolicy: {{ .Values.image.pullPolicy }} args: diff --git a/charts/testkube-enterprise/charts/nats/Chart.yaml b/charts/testkube-enterprise/charts/nats/Chart.yaml index 8a10ffc6d..7113dc2d4 100644 --- a/charts/testkube-enterprise/charts/nats/Chart.yaml +++ b/charts/testkube-enterprise/charts/nats/Chart.yaml 
@@ -6,7 +6,7 @@ keywords: - nats - messaging - cncf -version: 1.2.6-2 +version: 1.2.6-3 home: http://github.com/nats-io/k8s maintainers: - email: info@nats.io diff --git a/charts/testkube-enterprise/charts/nats/files/stateful-set/reloader-container.yaml b/charts/testkube-enterprise/charts/nats/files/stateful-set/reloader-container.yaml index 08f062e7e..5ad408d19 100644 --- a/charts/testkube-enterprise/charts/nats/files/stateful-set/reloader-container.yaml +++ b/charts/testkube-enterprise/charts/nats/files/stateful-set/reloader-container.yaml @@ -28,4 +28,4 @@ volumeMounts: securityContext: - {{- include "nats.containerSecurityContext" $ | nindent 6 }} \ No newline at end of file + {{- include "nats.containerSecurityContext" $ | nindent 4 }} \ No newline at end of file diff --git a/charts/testkube-enterprise/templates/shared-secrets/job.yaml b/charts/testkube-enterprise/templates/shared-secrets/job.yaml index ca740070a..b8d649dc8 100644 --- a/charts/testkube-enterprise/templates/shared-secrets/job.yaml +++ b/charts/testkube-enterprise/templates/shared-secrets/job.yaml @@ -10,8 +10,7 @@ metadata: spec: template: spec: - securityContext: - {{ include "sharedSecretGenerator.podSecurityContext" . | trim }} + securityContext: {{ include "sharedSecretGenerator.podSecurityContext" . | nindent 8 }} serviceAccountName: testkube-secret-generator restartPolicy: Never containers: @@ -21,8 +20,7 @@ spec: volumeMounts: - name: scripts mountPath: /scripts - securityContext: - {{ include "sharedSecretGenerator.containerSecurityContext" . | trim }} + securityContext: {{ include "sharedSecretGenerator.containerSecurityContext" . | nindent 12 }} resources: {{- toYaml .Values.sharedSecretGenerator.resources | nindent 12 }} volumes: diff --git a/charts/testkube-enterprise/values.yaml b/charts/testkube-enterprise/values.yaml index 6168f7c12..c70e62e19 100644 --- a/charts/testkube-enterprise/values.yaml +++ b/charts/testkube-enterprise/values.yaml 
@@ -94,9 +94,11 @@ global: # -- Toggle whether to globally skip certificate verification #skipVerify: true # -- Global security Context for all containers, except for MongoDB and MinIo. Container security context for them needs to be provided separately. - containerSecurityContext: {} + containerSecurityContext: + jfdj: ddd # -- Global security Context for all pods, except for MongoDB and MinIo. Pod security Context for them needs to be provided separately. - podSecurityContext: {} + podSecurityContext: + ggg: ggg # Testkube requires a variety of secrets to operate. # Any secret not provided manually will be automatically generated with a random value by the shared secret job. sharedSecretGenerator: diff --git a/charts/testkube-logs-service/templates/deployment.yaml b/charts/testkube-logs-service/templates/deployment.yaml index b11eb7b40..45af92f5f 100644 --- a/charts/testkube-logs-service/templates/deployment.yaml +++ b/charts/testkube-logs-service/templates/deployment.yaml @@ -28,12 +28,10 @@ spec: {{- toYaml .Values.imagePullSecrets | nindent 8 }} {{- end }} serviceAccountName: {{ include "testkube-log-service.serviceAccountName" . }} - securityContext: - {{ include "testkube-logs-service.podSecurityContext" . | trim }} + securityContext: {{ include "testkube-logs-service.podSecurityContext" . | nindent 8 }} containers: - name: {{ .Chart.Name }} - securityContext: - {{ include "testkube-logs-service.containerSecurityContext" . | trim }} + securityContext: {{ include "testkube-logs-service.containerSecurityContext" . | nindent 12 }} image: {{ include "testkube-logs.image" . }} imagePullPolicy: {{ .Values.global.imagePullPolicy | default .Values.image.pullPolicy }} env: diff --git a/charts/testkube-worker-service/templates/deployment.yaml b/charts/testkube-worker-service/templates/deployment.yaml index 10e074150..dc1652a55 100644 --- a/charts/testkube-worker-service/templates/deployment.yaml +++ b/charts/testkube-worker-service/templates/deployment.yaml 
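Review bot: The new defaults `containerSecurityContext: jfdj: ddd` and `podSecurityContext: ggg: ggg` read like leftover test values: `jfdj` and `ggg` are not fields of a Kubernetes pod or container security context. These are the chart-wide globals, so if the helpers pass them through, every template touched by this patch would render an unknown field, which the API server rejects under strict field validation or silently drops otherwise, leaving the workloads without the hardening the key is meant to carry. Restore `containerSecurityContext: {}` and `podSecurityContext: {}` before merging. If a non-empty default is wanted, use real fields such as `runAsNonRoot: true` (pod) and `allowPrivilegeEscalation: false` (container), and describe them in the adjacent `# --` comments.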
@@ -28,13 +28,11 @@ spec: {{- toYaml .Values.imagePullSecrets | nindent 8 }} {{- end }} serviceAccountName: {{ include "testkube-worker-service.serviceAccountName" . }} - securityContext: - {{ include "testkube-worker-service.podSecurityContext" . | trim }} + securityContext: {{ include "testkube-worker-service.podSecurityContext" . | nindent 8 }} initContainers: - name: wait-for-mongo image: {{ include "testkube-worker.init-mongo-image" . }} - securityContext: - {{ include "init-wait-for-mongo.containerSecurityContext" . | trim }} + securityContext: {{ include "init-wait-for-mongo.containerSecurityContext" . | nindent 12 }} command: ["/bin/sh", "-c"] args: - | @@ -55,8 +53,7 @@ spec: {{- end }} containers: - name: {{ .Chart.Name }} - securityContext: - {{ include "testkube-worker-service.containerSecurityContext" . | trim }} + securityContext: {{ include "testkube-worker-service.containerSecurityContext" . | nindent 12 }} image: {{ include "testkube-worker.image" . }} imagePullPolicy: {{ .Values.global.imagePullPolicy | default .Values.image.pullPolicy }} env: