Skip to content

Commit

Permalink
Add kubernetes.io/os=linux label to all options yaml
Browse files Browse the repository at this point in the history 
Signed-off-by: Arnob kumar saha <[email protected]>
  • Loading branch information
@ArnobKumarSaha
ArnobKumarSaha committed Dec 12, 2024
1 parent c2dfca2 commit f4fb543
Show file tree
Hide file tree
Showing 38 changed files with 210 additions and 83 deletions.
3 changes: 1 addition & 2 deletions charts/kubedbcom-clickhouse-editor-options/templates/db.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,8 @@ podPlacementPolicy:
name: {{ .Values.spec.admin.clusterTier.placement.default }}
{{- end }}

{{- if or .Values.spec.admin.nodeSelector (eq .Values.spec.admin.deployment.default "Dedicated") }}
nodeSelector:
kubernetes.io/os: linux
{{- if .Values.spec.admin.nodeSelector }}
{{- toYaml .Values.spec.admin.nodeSelector | nindent 2 }}
{{- end }}
Expand All @@ -22,7 +22,6 @@ nodeSelector:
namespace: {{ .Release.Namespace }}
nodepool: {{ .Values.spec.admin.clusterTier.nodeTopology.default }}
{{- end }}
{{- end }}

{{- if or .Values.spec.admin.tolerations (eq .Values.spec.admin.deployment.default "Dedicated") }}
tolerations:
Expand Down
12 changes: 12 additions & 0 deletions charts/kubedbcom-druid-editor-options/templates/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -113,3 +113,15 @@ Alert Enabled
{{- end -}}
{{- if (and $sev (le $sev $result) $enabled) -}}{{ (mustLast .) }}{{- end -}}
{{- end }}

{{- define "container.securityContext" -}}
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 0
runAsNonRoot: true
runAsUser: {{ $.Values.spec.openshift.securityContext.runAsUser | default 1000 }}
seccompProfile:
type: RuntimeDefault
{{- end }}
3 changes: 1 addition & 2 deletions charts/kubedbcom-druid-editor-options/templates/db.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,8 +23,8 @@ podPlacementPolicy:
name: {{ .Values.spec.admin.clusterTier.placement.default }}
{{- end }}

{{- if or .Values.spec.admin.nodeSelector (eq .Values.spec.admin.deployment.default "Dedicated") }}
nodeSelector:
kubernetes.io/os: linux
{{- if .Values.spec.admin.nodeSelector }}
{{- toYaml .Values.spec.admin.nodeSelector | nindent 2 }}
{{- end }}
Expand All @@ -34,7 +34,6 @@ nodeSelector:
namespace: {{ .Release.Namespace }}
nodepool: {{ .Values.spec.admin.clusterTier.nodeTopology.default }}
{{- end }}
{{- end }}

{{- if or .Values.spec.admin.tolerations (eq .Values.spec.admin.deployment.default "Dedicated") }}
tolerations:
Expand Down
18 changes: 16 additions & 2 deletions charts/kubedbcom-druid-editor-options/templates/kubestash/backupconfiguration.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,11 +23,19 @@ spec:
namespace: {{ .Values.spec.backup.kubestash.retentionPolicy.namespace }}
sessions:
- name: full-backup
sessionHistoryLimit: 2
sessionHistoryLimit: 3
scheduler:
schedule: {{ .Values.spec.backup.kubestash.schedule | quote }}
jobTemplate:
backoffLimit: 1
template:
spec:
containerSecurityContext:
{{- include "container.securityContext" . | nindent 16 }}
nodeSelector:
kubernetes.io/os: linux
backoffLimit: 2
successfulJobsHistoryLimit: 2
failedJobsHistoryLimit: 4
repositories:
- name: {{ include "kubedbcom-druid-editor-options.fullname" . }}
backend: default-backend
Expand All @@ -39,4 +47,10 @@ spec:
name: druid-addon
tasks:
- name: logical-backup
jobTemplate:
spec:
containerSecurityContext:
{{- include "container.securityContext" . | nindent 14 }}
nodeSelector:
kubernetes.io/os: linux
{{- end }}
12 changes: 12 additions & 0 deletions charts/kubedbcom-elasticsearch-editor-options/templates/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -113,3 +113,15 @@ Alert Enabled
{{- end -}}
{{- if (and $sev (le $sev $result) $enabled) -}}{{ (mustLast .) }}{{- end -}}
{{- end }}

{{- define "container.securityContext" -}}
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 0
runAsNonRoot: true
runAsUser: {{ $.Values.spec.openshift.securityContext.runAsUser | default 1000 }}
seccompProfile:
type: RuntimeDefault
{{- end }}
3 changes: 1 addition & 2 deletions charts/kubedbcom-elasticsearch-editor-options/templates/db.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -30,8 +30,8 @@ podPlacementPolicy:
name: {{ .Values.spec.admin.clusterTier.placement.default }}
{{- end }}

{{- if or .Values.spec.admin.nodeSelector (eq .Values.spec.admin.deployment.default "Dedicated") }}
nodeSelector:
kubernetes.io/os: linux
{{- if .Values.spec.admin.nodeSelector }}
{{- toYaml .Values.spec.admin.nodeSelector | nindent 2 }}
{{- end }}
Expand All @@ -41,7 +41,6 @@ nodeSelector:
namespace: {{ .Release.Namespace }}
nodepool: {{ .Values.spec.admin.clusterTier.nodeTopology.default }}
{{- end }}
{{- end }}

{{- if or .Values.spec.admin.tolerations (eq .Values.spec.admin.deployment.default "Dedicated") }}
tolerations:
Expand Down
29 changes: 16 additions & 13 deletions charts/kubedbcom-elasticsearch-editor-options/templates/kubestash/backupconfiguration.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,11 +23,19 @@ spec:
namespace: {{ .Values.spec.backup.kubestash.retentionPolicy.namespace }}
sessions:
- name: full-backup
sessionHistoryLimit: 2
sessionHistoryLimit: 3
scheduler:
schedule: {{ .Values.spec.backup.kubestash.schedule | quote }}
jobTemplate:
backoffLimit: 1
template:
spec:
containerSecurityContext:
{{- include "container.securityContext" . | nindent 16 }}
nodeSelector:
kubernetes.io/os: linux
backoffLimit: 2
successfulJobsHistoryLimit: 2
failedJobsHistoryLimit: 4
repositories:
- name: {{ include "kubedbcom-elasticsearch-editor-options.fullname" . }}
backend: default-backend
Expand All @@ -39,15 +47,10 @@ spec:
name: elasticsearch-addon
tasks:
- name: logical-backup
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 1000
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault

jobTemplate:
spec:
containerSecurityContext:
{{- include "container.securityContext" . | nindent 14 }}
nodeSelector:
kubernetes.io/os: linux
{{- end }}
2 changes: 1 addition & 1 deletion charts/kubedbcom-ferretdb-editor-options/templates/db.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,8 @@ podPlacementPolicy:
name: {{ .Values.spec.admin.clusterTier.placement.default }}
{{- end }}

{{- if or .Values.spec.admin.nodeSelector (eq .Values.spec.admin.deployment.default "Dedicated") }}
nodeSelector:
kubernetes.io/os: linux
{{- if .Values.spec.admin.nodeSelector }}
{{- toYaml .Values.spec.admin.nodeSelector | nindent 2 }}
{{- end }}
Expand Down
3 changes: 1 addition & 2 deletions charts/kubedbcom-kafka-editor-options/templates/db.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,8 +25,8 @@ podPlacementPolicy:
name: {{ .Values.spec.admin.clusterTier.placement.default }}
{{- end }}

{{- if or .Values.spec.admin.nodeSelector (eq .Values.spec.admin.deployment.default "Dedicated") }}
nodeSelector:
kubernetes.io/os: linux
{{- if .Values.spec.admin.nodeSelector }}
{{- toYaml .Values.spec.admin.nodeSelector | nindent 2 }}
{{- end }}
Expand All @@ -36,7 +36,6 @@ nodeSelector:
namespace: {{ .Release.Namespace }}
nodepool: {{ .Values.spec.admin.clusterTier.nodeTopology.default }}
{{- end }}
{{- end }}

{{- if or .Values.spec.admin.tolerations (eq .Values.spec.admin.deployment.default "Dedicated") }}
tolerations:
Expand Down
3 changes: 1 addition & 2 deletions charts/kubedbcom-mariadb-editor-options/templates/db.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,8 @@ podPlacementPolicy:
name: {{ .Values.spec.admin.clusterTier.placement.default }}
{{- end }}

{{- if or .Values.spec.admin.nodeSelector (eq .Values.spec.admin.deployment.default "Dedicated") }}
nodeSelector:
kubernetes.io/os: linux
{{- if .Values.spec.admin.nodeSelector }}
{{- toYaml .Values.spec.admin.nodeSelector | nindent 2 }}
{{- end }}
Expand All @@ -22,7 +22,6 @@ nodeSelector:
namespace: {{ .Release.Namespace }}
nodepool: {{ .Values.spec.admin.clusterTier.nodeTopology.default }}
{{- end }}
{{- end }}

{{- if or .Values.spec.admin.tolerations (eq .Values.spec.admin.deployment.default "Dedicated") }}
tolerations:
Expand Down
4 changes: 4 additions & 0 deletions charts/kubedbcom-mariadb-editor-options/templates/kubestash/backupconfiguration.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,8 @@ spec:
spec:
containerSecurityContext:
{{- include "container.securityContext" . | nindent 16 }}
nodeSelector:
kubernetes.io/os: linux
backoffLimit: 2
successfulJobsHistoryLimit: 2
failedJobsHistoryLimit: 4
Expand All @@ -49,4 +51,6 @@ spec:
spec:
containerSecurityContext:
{{- include "container.securityContext" . | nindent 14 }}
nodeSelector:
kubernetes.io/os: linux
{{- end }}
3 changes: 1 addition & 2 deletions charts/kubedbcom-memcached-editor-options/templates/db.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,8 @@ podPlacementPolicy:
name: {{ .Values.spec.admin.clusterTier.placement.default }}
{{- end }}

{{- if or .Values.spec.admin.nodeSelector (eq .Values.spec.admin.deployment.default "Dedicated") }}
nodeSelector:
kubernetes.io/os: linux
{{- if .Values.spec.admin.nodeSelector }}
{{- toYaml .Values.spec.admin.nodeSelector | nindent 2 }}
{{- end }}
Expand All @@ -22,7 +22,6 @@ nodeSelector:
namespace: {{ .Release.Namespace }}
nodepool: {{ .Values.spec.admin.clusterTier.nodeTopology.default }}
{{- end }}
{{- end }}

{{- if or .Values.spec.admin.tolerations (eq .Values.spec.admin.deployment.default "Dedicated") }}
tolerations:
Expand Down
3 changes: 1 addition & 2 deletions charts/kubedbcom-mongodb-editor-options/templates/db.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,8 +43,8 @@ podPlacementPolicy:
name: {{ .Values.spec.admin.clusterTier.placement.default }}
{{- end }}

{{- if or .Values.spec.admin.nodeSelector (eq .Values.spec.admin.deployment.default "Dedicated") }}
nodeSelector:
kubernetes.io/os: linux
{{- if .Values.spec.admin.nodeSelector }}
{{- toYaml .Values.spec.admin.nodeSelector | nindent 2 }}
{{- end }}
Expand All @@ -54,7 +54,6 @@ nodeSelector:
namespace: {{ .Release.Namespace }}
nodepool: {{ .Values.spec.admin.clusterTier.nodeTopology.default }}
{{- end }}
{{- end }}

{{- if or .Values.spec.admin.tolerations (eq .Values.spec.admin.deployment.default "Dedicated") }}
tolerations:
Expand Down
4 changes: 4 additions & 0 deletions charts/kubedbcom-mongodb-editor-options/templates/kubestash/backupconfiguration.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,8 @@ spec:
spec:
containerSecurityContext:
{{- include "container.securityContext" . | nindent 16 }}
nodeSelector:
kubernetes.io/os: linux
backoffLimit: 2
successfulJobsHistoryLimit: 2
failedJobsHistoryLimit: 4
Expand All @@ -49,4 +51,6 @@ spec:
spec:
containerSecurityContext:
{{- include "container.securityContext" . | nindent 14 }}
nodeSelector:
kubernetes.io/os: linux
{{- end }}
12 changes: 12 additions & 0 deletions charts/kubedbcom-mssqlserver-editor-options/templates/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -113,3 +113,15 @@ Alert Enabled
{{- end -}}
{{- if (and $sev (le $sev $result) $enabled) -}}{{ (mustLast .) }}{{- end -}}
{{- end }}

{{- define "container.securityContext" -}}
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 0
runAsNonRoot: true
runAsUser: {{ $.Values.spec.openshift.securityContext.runAsUser | default 10001 }}
seccompProfile:
type: RuntimeDefault
{{- end }}
2 changes: 1 addition & 1 deletion charts/kubedbcom-mssqlserver-editor-options/templates/db.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,8 @@ podPlacementPolicy:
name: {{ .Values.spec.admin.clusterTier.placement.default }}
{{- end }}

{{- if or .Values.spec.admin.nodeSelector (eq .Values.spec.admin.deployment.default "Dedicated") }}
nodeSelector:
kubernetes.io/os: linux
{{- if .Values.spec.admin.nodeSelector }}
{{- toYaml .Values.spec.admin.nodeSelector | nindent 2 }}
{{- end }}
Expand Down
28 changes: 16 additions & 12 deletions charts/kubedbcom-mssqlserver-editor-options/templates/kubestash/backupconfiguration.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,11 +23,19 @@ spec:
namespace: {{ .Values.spec.backup.kubestash.retentionPolicy.namespace }}
sessions:
- name: full-backup
sessionHistoryLimit: 2
sessionHistoryLimit: 3
scheduler:
schedule: {{ .Values.spec.backup.kubestash.schedule | quote }}
jobTemplate:
backoffLimit: 1
template:
spec:
containerSecurityContext:
{{- include "container.securityContext" . | nindent 16 }}
nodeSelector:
kubernetes.io/os: linux
backoffLimit: 2
successfulJobsHistoryLimit: 2
failedJobsHistoryLimit: 4
repositories:
- name: {{ include "kubedbcom-mssqlserver-editor-options.fullname" . }}
backend: default-backend
Expand All @@ -39,14 +47,10 @@ spec:
name: mssqlserver-addon
tasks:
- name: logical-backup
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
seccompProfile:
type: RuntimeDefault
jobTemplate:
spec:
containerSecurityContext:
{{- include "container.securityContext" . | nindent 14 }}
nodeSelector:
kubernetes.io/os: linux
{{- end }}
3 changes: 1 addition & 2 deletions charts/kubedbcom-mysql-editor-options/templates/db.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -11,8 +11,8 @@ podPlacementPolicy:
name: {{ .Values.spec.admin.clusterTier.placement.default }}
{{- end }}

{{- if or .Values.spec.admin.nodeSelector (eq .Values.spec.admin.deployment.default "Dedicated") }}
nodeSelector:
kubernetes.io/os: linux
{{- if .Values.spec.admin.nodeSelector }}
{{- toYaml .Values.spec.admin.nodeSelector | nindent 2 }}
{{- end }}
Expand All @@ -22,7 +22,6 @@ nodeSelector:
namespace: {{ .Release.Namespace }}
nodepool: {{ .Values.spec.admin.clusterTier.nodeTopology.default }}
{{- end }}
{{- end }}

{{- if or .Values.spec.admin.tolerations (eq .Values.spec.admin.deployment.default "Dedicated") }}
tolerations:
Expand Down
4 changes: 4 additions & 0 deletions charts/kubedbcom-mysql-editor-options/templates/kubestash/backupconfiguration.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,8 @@ spec:
spec:
containerSecurityContext:
{{- include "container.securityContext" . | nindent 16 }}
nodeSelector:
kubernetes.io/os: linux
backoffLimit: 2
successfulJobsHistoryLimit: 2
failedJobsHistoryLimit: 4
Expand All @@ -49,4 +51,6 @@ spec:
spec:
containerSecurityContext:
{{- include "container.securityContext" . | nindent 14 }}
nodeSelector:
kubernetes.io/os: linux
{{- end }}
12 changes: 12 additions & 0 deletions charts/kubedbcom-perconaxtradb-editor-options/templates/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -113,3 +113,15 @@ Alert Enabled
{{- end -}}
{{- if (and $sev (le $sev $result) $enabled) -}}{{ (mustLast .) }}{{- end -}}
{{- end }}

{{- define "container.securityContext" -}}
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 0
runAsNonRoot: true
runAsUser: {{ $.Values.spec.openshift.securityContext.runAsUser | default 1001 }}
seccompProfile:
type: RuntimeDefault
{{- end }}
Loading

0 comments on commit f4fb543

Please sign in to comment.