Skip to content

Commit

Permalink
Dynamically determine the redis user and group for the security context
Browse files Browse the repository at this point in the history
  • Loading branch information
@adamkingit
adamkingit committed Aug 11, 2020
1 parent 46b2699 commit 1f4fa8b
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 5 deletions.
7 changes: 7 additions & 0 deletions build/process-template.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,13 @@ export NODE_USER_ID
NODE_GROUP_ID="$(docker run -it node:lts-alpine /usr/bin/id -g node | tr -d '\r' | tr -d '\n')"
export NODE_GROUP_ID

REDIS_IMAGE="${REDIS_IMAGE:=redis:latest}"
export REDIS_IMAGE
REDIS_USER_ID="$(docker run -it "${REDIS_IMAGE}" /usr/bin/id -u redis | tr -d '\r' | tr -d '\n')"
export REDIS_USER_ID
REDIS_GROUP_ID="$(docker run -it "${REDIS_IMAGE}" /usr/bin/id -g redis | tr -d '\r' | tr -d '\n')"
export REDIS_GROUP_ID

envsubst <"${THIS_DIR}/viewTemplate.json" >/tmp/view.json

npx mustache /tmp/view.json "${FILE}"
5 changes: 4 additions & 1 deletion build/viewTemplate.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,5 +3,8 @@
"TRAVIS_TAG": "${TRAVIS_TAG}",
"GIT_REMOTE": "${GIT_REMOTE}",
"NODE_USER_ID": "${NODE_USER_ID}",
"NODE_GROUP_ID": "${NODE_GROUP_ID}"
"NODE_GROUP_ID": "${NODE_GROUP_ID}",
"REDIS_IMAGE": "${REDIS_IMAGE}",
"REDIS_USER_ID": "${REDIS_USER_ID}",
"REDIS_GROUP_ID": "${REDIS_GROUP_ID}"
}
8 changes: 4 additions & 4 deletions kubernetes/razeedash-api/resource.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -158,12 +158,12 @@ items:
name: redis
spec:
securityContext:
runAsUser: 999
runAsGroup: 1000
fsGroup: 1000
runAsUser: {{{REDIS_USER_ID}}}
runAsGroup: {{{REDIS_GROUP_ID}}}
fsGroup: {{{REDIS_GROUP_ID}}}
containers:
- name: redis
image: redis:latest
image: "{{{REDIS_IMAGE}}}"
imagePullPolicy: Always
ports:
- containerPort: 6379
Expand Down

0 comments on commit 1f4fa8b

Please sign in to comment.