add securitycontext for server

GDATASoftwareAG · Nov 21, 2023 · 34c3ddd · 34c3ddd
1 parent e3b0f88
commit 34c3ddd
Show file tree

Hide file tree

Showing 4 changed files with 13 additions and 2 deletions.
diff --git a/charts/gdscan/Chart.yaml b/charts/gdscan/Chart.yaml
@@ -5,4 +5,4 @@ maintainers:
   - name: G DATA CyberDefense AG
     email: [email protected]
 type: application
-version: 1.3.5
+version: 1.4.0
diff --git a/charts/gdscan/templates/deployment.yaml b/charts/gdscan/templates/deployment.yaml
@@ -57,6 +57,8 @@ spec:
               mountPath: /tmp/scan
             - name: scan-socket
               mountPath: /var/share/run
+            - name: server-var-log
+              mountPath: /var/log
           resources:
             {{- toYaml .Values.resources.server | nindent 12 }}
         - name: {{ .Values.client.name }}

diff --git a/charts/gdscan/templates/stateful-set.yaml b/charts/gdscan/templates/stateful-set.yaml
@@ -49,19 +49,26 @@ spec:
               value: "{{ now | unixEpoch }}"
           image: "{{ .Values.server.image.repository }}:{{ .Values.server.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.server.image.pullPolicy }}
+          {{- if .Values.server.containerSecurityContext.enabled }}
+          securityContext: {{- omit .Values.server.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+          {{- end }}
           volumeMounts:
             - name: samples
               mountPath: /tmp/scan
             - name: scan-socket
               mountPath: /var/share/run
+              {{- if .Values.server.containerSecurityContext.enabled }}
+            - name: server-var-log
+              mountPath: /var/log
+              {{- end }}
           resources:
             {{- toYaml .Values.resources.server | nindent 12 }}
         - name: {{ .Values.client.name }}
           image: "{{ .Values.client.image.repository }}:{{ .Values.client.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.client.image.pullPolicy }}
           {{- if .Values.client.containerSecurityContext.enabled }}
           securityContext: {{- omit .Values.client.containerSecurityContext "enabled" | toYaml | nindent 12 }}
-          {{- end }}          
+          {{- end }}
           volumeMounts:
             - name: samples
               mountPath: /tmp/scan

diff --git a/charts/gdscan/values.yaml b/charts/gdscan/values.yaml
@@ -6,6 +6,8 @@ server:
     repository: ghcr.io/gdatasoftwareag/scanserver
     pullPolicy: Always
     tag: 1.8.0
+  containerSecurityContext:
+    enabled: false
 client:
   name: client
   image: