diff --git a/pkg/fixtures/deployments/helm/charts/values.yaml b/pkg/fixtures/deployments/helm/charts/values.yaml index e9be6462..5af9625e 100644 --- a/pkg/fixtures/deployments/helm/charts/values.yaml +++ b/pkg/fixtures/deployments/helm/charts/values.yaml @@ -78,7 +78,27 @@ affinity: matchLabels: app.kubernetes.io/name: testapp -securityContext: {} +securityContext: + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL + add: + - SETPCAP + - MKNOD + - AUDIT_WRITE + - CHOWN + - DAC_OVERRIDE + - FOWNER + - FSETID + - KILL + - SETGID + - SETUID + - NET_BIND_SERVICE + - SYS_CHROOT + - SETFCAP + - SYS_PTRACE envVars: diff --git a/template/deployments/helm/charts/templates/configmap.yaml b/template/deployments/helm/charts/templates/configmap.yaml index d224844e..3447b36a 100644 --- a/template/deployments/helm/charts/templates/configmap.yaml +++ b/template/deployments/helm/charts/templates/configmap.yaml @@ -10,6 +10,6 @@ metadata: data: {{- ` {{- range $key, $value := .Values.envVars }} - "{{ $key }}": "{{ $value }}" + {{ $key }}: {{ $value }} {{- end }} ` -}} \ No newline at end of file diff --git a/template/deployments/helm/charts/values.yaml b/template/deployments/helm/charts/values.yaml index e97c664c..8ace3114 100644 --- a/template/deployments/helm/charts/values.yaml +++ b/template/deployments/helm/charts/values.yaml @@ -79,9 +79,6 @@ affinity: app.kubernetes.io/name: {{ .Config.GetVariableValue "APPNAME" }} securityContext: - runAsNonRoot: true - runAsUser: 1000 - runAsGroup: 3000 seccompProfile: type: RuntimeDefault capabilities: diff --git a/template/deployments/kustomize/base/configmap.yaml b/template/deployments/kustomize/base/configmap.yaml index 9d924e4b..76fb1235 100644 --- a/template/deployments/kustomize/base/configmap.yaml +++ b/template/deployments/kustomize/base/configmap.yaml @@ -8,5 +8,5 @@ metadata: kubernetes.azure.com/generator: {{ .Config.GetVariableValue "GENERATORLABEL" }} data: {{- range $key, $value := .Config.GetVariableValue "ENVVARS" }} - "{{ $key }}": "{{ $value }}" + {{ $key }}: {{ $value }} {{- end }} \ No newline at end of file diff --git a/template/deployments/kustomize/base/deployment.yaml b/template/deployments/kustomize/base/deployment.yaml index d1f3fd02..7f216e0d 100644 --- a/template/deployments/kustomize/base/deployment.yaml +++ b/template/deployments/kustomize/base/deployment.yaml @@ -44,9 +44,6 @@ spec: successThreshold: {{ .Config.GetVariableValue "READINESSSUCCESSTHRESHOLD" }} initialDelaySeconds: {{ .Config.GetVariableValue "READINESSINITIALDELAY" }} securityContext: - runAsNonRoot: true - runAsUser: 1000 - runAsGroup: 3000 seccompProfile: type: RuntimeDefault capabilities: diff --git a/template/deployments/manifests/manifests/configmap.yaml b/template/deployments/manifests/manifests/configmap.yaml index 9d924e4b..76fb1235 100644 --- a/template/deployments/manifests/manifests/configmap.yaml +++ b/template/deployments/manifests/manifests/configmap.yaml @@ -8,5 +8,5 @@ metadata: kubernetes.azure.com/generator: {{ .Config.GetVariableValue "GENERATORLABEL" }} data: {{- range $key, $value := .Config.GetVariableValue "ENVVARS" }} - "{{ $key }}": "{{ $value }}" + {{ $key }}: {{ $value }} {{- end }} \ No newline at end of file diff --git a/template/deployments/manifests/manifests/deployment.yaml b/template/deployments/manifests/manifests/deployment.yaml index d1f3fd02..7f216e0d 100644 --- a/template/deployments/manifests/manifests/deployment.yaml +++ b/template/deployments/manifests/manifests/deployment.yaml @@ -44,9 +44,6 @@ spec: successThreshold: {{ .Config.GetVariableValue "READINESSSUCCESSTHRESHOLD" }} initialDelaySeconds: {{ .Config.GetVariableValue "READINESSINITIALDELAY" }} securityContext: - runAsNonRoot: true - runAsUser: 1000 - runAsGroup: 3000 seccompProfile: type: RuntimeDefault capabilities: