fix(gate): fixes securityContext

This patch fixes the securityContext for the tekton-pipeline charts to
unclog a gate failure.

Signed-off-by: Tin Lam <tin@irrational.io>
Change-Id: I5a44f6ecd92c0800aa9f43206fd2c7621d7ac260
Tin Lam 2021-03-09 10:09:54 -06:00
parent e30a406416
commit 930ff2db04
3 changed files with 12 additions and 14 deletions


@ -73,8 +73,12 @@ spec:
- name: METRICS_DOMAIN - name: METRICS_DOMAIN
value: {{ $.Values.controller.conf.metrics_domain }} value: {{ $.Values.controller.conf.metrics_domain }}
securityContext: securityContext:
allowPrivilegeEscalation: {{ $.Values.controller.pod.security_context.container.tekton_pipelines_controller.allowPrivilegeEscalation }} allowPrivilegeEscalation: false
runAsUser: {{ $.Values.controller.pod.security_context.container.tekton_pipelines_controller.runAsUser }} runAsUser: 65532
runAsGroup: 65532
capabilities:
drop:
- all
volumes: volumes:
- name: config-logging - name: config-logging
configMap: configMap:
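Review bot: The new `drop: - all` entry is lowercase, and Kubernetes' Pod Security admission check for the restricted profile looks for the literal `ALL`, so a namespace enforcing that profile would likely still reject this pod even though the container runtime is expected to treat both spellings alike. I would write `- ALL` and, since the UID is now pinned to 65532, add `runAsNonRoot: true` beside it so the kubelet refuses to start the container if the image or UID is ever changed to root. The same applies to the webhook template's securityContext in the next file. The container spec begins outside this hunk, so settings such as `readOnlyRootFilesystem` or `seccompProfile` may already exist there and are not assessed here.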


@ -48,8 +48,12 @@ spec:
- name: METRICS_DOMAIN - name: METRICS_DOMAIN
value: {{ $.Values.webhook.conf.metrics_domain }} value: {{ $.Values.webhook.conf.metrics_domain }}
securityContext: securityContext:
allowPrivilegeEscalation: {{ $.Values.webhook.pod.security_context.container.webhook.allowPrivilegeEscalation }} allowPrivilegeEscalation: false
runAsUser: {{ $.Values.webhook.pod.security_context.container.webhook.runAsUser }} runAsUser: 65532
runAsGroup: 65532
capabilities:
drop:
- all
ports: ports:
- name: metrics - name: metrics
containerPort: {{ $.Values.webhook.endpoints.ports.metrics.targetPort }} containerPort: {{ $.Values.webhook.endpoints.ports.metrics.targetPort }}
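Review bot: Hardcoding `runAsUser: 65532` and `runAsGroup: 65532` here, together with the removal of `webhook.pod.security_context` from the values file, means any operator override of those keys is now silently ignored and the chart only works with images built for that UID. Keeping `allowPrivilegeEscalation: false` and the capability drop fixed is a sound hardening choice, but the UID and GID could stay configurable with a safe default, e.g. `runAsUser: {{ $.Values.webhook.pod.security_context.container.webhook.runAsUser | default 65532 }}`. The controller template in the previous file follows the same pattern. The container spec starts outside this hunk.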


@ -74,11 +74,6 @@ controller:
pod: pod:
replicas: 1 replicas: 1
security_context:
container:
tekton_pipelines_controller:
runAsUser: 1001
allowPrivilegeEscalation: false
conf: conf:
metrics_domain: tekton.dev/pipeline metrics_domain: tekton.dev/pipeline
@ -134,11 +129,6 @@ webhook:
periodSeconds: 10 periodSeconds: 10
timeoutSeconds: 1 timeoutSeconds: 1
replicas: 1 replicas: 1
security_context:
container:
webhook:
runAsUser: 1001
allowPrivilegeEscalation: false
conf: conf:
metrics_domain: tekton.dev/pipeline metrics_domain: tekton.dev/pipeline