Skip to content

Commit

Permalink
Update editors for securityContext & os linux
Browse files Browse the repository at this point in the history 
Signed-off-by: Arnob kumar saha <[email protected]>
  • Loading branch information
@ArnobKumarSaha
ArnobKumarSaha committed Dec 13, 2024
1 parent 7d031db commit 534f587
Show file tree
Hide file tree
Showing 57 changed files with 1,545 additions and 500,417 deletions.
25 changes: 17 additions & 8 deletions charts/kubedbcom-elasticsearch-editor/crds/catalog.appscode.com_elasticsearchbindings.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,14 +19,19 @@ spec:
API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
Expand All @@ -37,10 +42,14 @@ spec:
description: SourceRef refers to the source app instance.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
required:
- name
Expand Down
25,253 changes: 9 additions & 25,244 deletions charts/kubedbcom-elasticsearch-editor/crds/core.kubestash.com_backupblueprints.yaml
View file

Large diffs are not rendered by default.

22,336 changes: 9 additions & 22,327 deletions charts/kubedbcom-elasticsearch-editor/crds/core.kubestash.com_backupconfigurations.yaml
View file

Large diffs are not rendered by default.

14,980 changes: 28 additions & 14,952 deletions charts/kubedbcom-elasticsearch-editor/crds/core.kubestash.com_restoresessions.yaml
View file

Large diffs are not rendered by default.

12 changes: 12 additions & 0 deletions charts/kubedbcom-elasticsearch-editor/templates/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -113,3 +113,15 @@ Alert Enabled
{{- end -}}
{{- if (and $sev (le $sev $result) $enabled) -}}{{ (mustLast .) }}{{- end -}}
{{- end }}

{{- define "container.securityContext" -}}
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 0
runAsNonRoot: true
runAsUser: {{ $.Values.spec.openshift.securityContext.runAsUser | default 1000 }}
seccompProfile:
type: RuntimeDefault
{{- end }}
59 changes: 46 additions & 13 deletions charts/kubedbcom-elasticsearch-editor/values.openapiv3_schema.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -12292,6 +12292,15 @@ properties:
properties:
backend:
type: string
backupVerifier:
properties:
name:
type: string
namespace:
type: string
required:
- name
type: object
deletionPolicy:
enum:
- Delete
Expand Down Expand Up @@ -24382,6 +24391,15 @@ properties:
properties:
backend:
type: string
backupVerifier:
properties:
name:
type: string
namespace:
type: string
required:
- name
type: object
deletionPolicy:
enum:
- Delete
Expand Down Expand Up @@ -36536,19 +36554,6 @@ properties:
type: boolean
dbName:
type: string
internalAuthIssuerRef:
properties:
apiGroup:
type: string
kind:
type: string
name:
type: string
required:
- kind
- name
type: object
x-kubernetes-map-type: atomic
restoreNamespace:
type: string
tlsIssuerRef:
Expand Down Expand Up @@ -36673,6 +36678,34 @@ properties:
type: object
x-kubernetes-map-type: atomic
type: object
redisSentinel:
properties:
SentinelName:
type: string
authSecret:
default: true
type: boolean
authSecretName:
type: string
restoreNamespace:
type: string
sentinel:
default: true
type: boolean
tlsIssuerRef:
properties:
apiGroup:
type: string
kind:
type: string
name:
type: string
required:
- kind
- name
type: object
x-kubernetes-map-type: atomic
type: object
singlestore:
properties:
authSecret:
Expand Down
79 changes: 71 additions & 8 deletions charts/kubedbcom-elasticsearch-editor/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -202,9 +202,18 @@ resources:
- addon:
jobTemplate:
spec:
securityContext:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 0
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
nodeSelector:
kubernetes.io/os: linux
name: elasticsearch-addon
tasks:
- name: logical-backup
Expand All @@ -217,10 +226,26 @@ resources:
namespace: demo
name: elasticsearch-repo
scheduler:
failedJobsHistoryLimit: 4
jobTemplate:
backoffLimit: 1
schedule: '*/5 * * * *'
sessionHistoryLimit: 2
backoffLimit: 2
template:
spec:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 0
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
nodeSelector:
kubernetes.io/os: linux
schedule: 0 */2 * * *
successfulJobsHistoryLimit: 2
sessionHistoryLimit: 3
usagePolicy:
allowedNamespaces:
from: Same
Expand All @@ -243,9 +268,18 @@ resources:
- addon:
jobTemplate:
spec:
securityContext:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 0
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
nodeSelector:
kubernetes.io/os: linux
name: elasticsearch-addon
tasks:
- name: logical-backup
Expand All @@ -258,10 +292,26 @@ resources:
namespace: demo
name: elasticsearch-repo
scheduler:
failedJobsHistoryLimit: 4
jobTemplate:
backoffLimit: 1
schedule: '*/5 * * * *'
sessionHistoryLimit: 2
backoffLimit: 2
template:
spec:
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 0
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
nodeSelector:
kubernetes.io/os: linux
schedule: 0 */2 * * *
successfulJobsHistoryLimit: 2
sessionHistoryLimit: 3
target:
apiGroup: kubedb.com
kind: Elasticsearch
Expand All @@ -275,8 +325,21 @@ resources:
namespace: demo
spec:
addon:
containerRuntimeSettings:
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 0
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
jobTemplate:
spec:
nodeSelector:
kubernetes.io/os: linux
securityContext:
runAsGroup: 0
runAsUser: 1000
Expand Down
25 changes: 17 additions & 8 deletions charts/kubedbcom-mariadb-editor/crds/catalog.appscode.com_mariadbbindings.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,14 +18,19 @@ spec:
description: MariaDBBinding is the Schema for the mariadbbindings API
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
of an object. Servers should convert recognized schemas to the latest
internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
description: |-
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
description: 'Kind is a string value representing the REST resource this
object represents. Servers may infer this from the endpoint the client
submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
description: |-
Kind is a string value representing the REST resource this object represents.
Servers may infer this from the endpoint the client submits requests to.
Cannot be updated.
In CamelCase.
More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
Expand All @@ -36,10 +41,14 @@ spec:
description: SourceRef refers to the source app instance.
properties:
name:
description: 'Name of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names'
description: |-
Name of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names
type: string
namespace:
description: 'Namespace of the referent. More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/'
description: |-
Namespace of the referent.
More info: https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/
type: string
required:
- name
Expand Down
Loading

0 comments on commit 534f587

Please sign in to comment.