From de84bb090b8f15c9c5eab27ac231c38094bbbba6 Mon Sep 17 00:00:00 2001
From: David Young
Date: Mon, 5 Sep 2022 12:13:49 +1200
Subject: [PATCH 1/2] Add containerSecurityContext to charts
Signed-off-by: David Young
---
 helm/operator/Chart.yaml | 2 +-
 .../templates/console-deployment.yaml | 4 ++++
 .../templates/operator-deployment.yaml | 6 ++++-
 helm/operator/values.yaml | 24 ++++++++++++++++++-
 4 files changed, 33 insertions(+), 3 deletions(-)
diff --git a/helm/operator/Chart.yaml b/helm/operator/Chart.yaml
index 43a7fa89d47..426262525e9 100644
--- a/helm/operator/Chart.yaml
+++ b/helm/operator/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 description: A Helm chart for MinIO Operator
 name: operator
-version: 4.4.28
+version: 4.5.0
 appVersion: v4.4.28
 keywords:
 - storage
diff --git a/helm/operator/templates/console-deployment.yaml b/helm/operator/templates/console-deployment.yaml
index 5287db593c6..265530f6fc2 100644
--- a/helm/operator/templates/console-deployment.yaml
+++ b/helm/operator/templates/console-deployment.yaml
@@ -59,6 +59,10 @@ spec:
 {{- end }}
 resources:
 {{- toYaml .Values.console.resources | nindent 12 }}
+ {{- with .Values.console.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
 volumeMounts:
 {{- with .Values.console.volumeMounts }}
 {{- toYaml . | nindent 12 }}
diff --git a/helm/operator/templates/operator-deployment.yaml b/helm/operator/templates/operator-deployment.yaml
index 2932f6048ab..0c26dd5176c 100644
--- a/helm/operator/templates/operator-deployment.yaml
+++ b/helm/operator/templates/operator-deployment.yaml
@@ -49,7 +49,11 @@ spec:
 {{ toYaml . | nindent 10 }}
 {{- end }}
 resources:
- {{- toYaml .Values.operator.resources | nindent 12 }}
+ {{- toYaml .Values.operator.resources | nindent 12 }}
+ {{- with .Values.operator.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
 {{- with .Values.operator.initContainers }}
 initContainers:
 {{- toYaml . | nindent 8 }}
diff --git a/helm/operator/values.yaml b/helm/operator/values.yaml
index 48816388b66..75b55ff9670 100644
--- a/helm/operator/values.yaml
+++ b/helm/operator/values.yaml
@@ -19,8 +19,18 @@ operator:
 securityContext:
 runAsUser: 1000
 runAsGroup: 1000
- runAsNonRoot: true
 fsGroup: 1000
+ runAsNonRoot: true
+ containerSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
 nodeSelector: { }
 affinity: { }
 tolerations: [ ]
@@ -46,7 +56,19 @@ console:
 resources: { }
 securityContext:
 runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
 runAsNonRoot: true
+ containerSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ runAsNonRoot: true
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
 ingress:
 enabled: false
 ingressClassName: ""
From 67537adec2ef1f1bdf2996a14dc31e31465eae9e Mon Sep 17 00:00:00 2001
From: David Young
Date: Mon, 5 Sep 2022 13:12:18 +1200
Subject: [PATCH 2/2] Revert chart version bump
Signed-off-by: David Young
---
 helm/operator/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/helm/operator/Chart.yaml b/helm/operator/Chart.yaml
index 426262525e9..43a7fa89d47 100644
--- a/helm/operator/Chart.yaml
+++ b/helm/operator/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 description: A Helm chart for MinIO Operator
 name: operator
-version: 4.5.0
+version: 4.4.28
 appVersion: v4.4.28
 keywords:
 - storage
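Review bot: In helm/operator/values.yaml, both new `containerSecurityContext` blocks (the `operator:` hunk at `@@ -19,8 +19,18 @@` and the `console:` hunk at `@@ -46,7 +56,19 @@`) include `fsGroup: 1000`, but `fsGroup` exists only on the pod-level PodSecurityContext; the container-level SecurityContext has no such field. Because the two deployment templates pass this map through `toYaml` unchanged, the rendered containers carry an unknown field that the API server either rejects or drops depending on field validation, so the line should be removed from both container blocks and kept only under `securityContext`. `readOnlyRootFilesystem: true` as a default also assumes neither container writes outside its mounted volumes, which these hunks do not show; a comment above it such as `# writable paths must be supplied via volumes/volumeMounts` would tell chart users what to check if a pod fails to start. The `operator:` and `console:` mappings begin and end outside the hunks.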