openstack/openstack-helm-infra
Code Issues Proposed changes

prometheus-node-exporter: Fix security context

Browse Source 
This PS fixes the use of the security context macros for the
node-exporter chart.

Change-Id: I7009a5675096036ac9f214d70c853830b7132264
This commit is contained in:
RAHUL KHIYANI 2019-04-22 10:17:38 -05:00
parent 274697f9cf
commit bc9bbe4e34
2 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
prometheus-node-exporter/templates/daemonset.yaml
View File

@ -55,8 +55,7 @@ spec:
{{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }} {{ tuple $envAll | include "helm-toolkit.snippets.release_uuid" | indent 8 }}
configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }} configmap-bin-hash: {{ tuple "configmap-bin.yaml" . | include "helm-toolkit.utils.hash" }}
spec: spec:
securityContext: {{ dict "envAll" $envAll "application" "metrics" | include "helm-toolkit.snippets.kubernetes_pod_security_context" | indent 6 }}
readOnlyRootFilesystem: true
serviceAccountName: {{ $serviceAccountName }} serviceAccountName: {{ $serviceAccountName }}
{{ if .Values.pod.tolerations.node_exporter.enabled }} {{ if .Values.pod.tolerations.node_exporter.enabled }}
{{ tuple $envAll "node_exporter" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }} {{ tuple $envAll "node_exporter" | include "helm-toolkit.snippets.kubernetes_tolerations" | indent 6 }}
@ -72,6 +71,7 @@ spec:
- name: node-exporter - name: node-exporter
{{ tuple $envAll "node_exporter" | include "helm-toolkit.snippets.image" | indent 10 }} {{ tuple $envAll "node_exporter" | include "helm-toolkit.snippets.image" | indent 10 }}
{{ tuple $envAll $envAll.Values.pod.resources.node_exporter | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }} {{ tuple $envAll $envAll.Values.pod.resources.node_exporter | include "helm-toolkit.snippets.kubernetes_resources" | indent 10 }}
{{ dict "envAll" $envAll "application" "metrics" "container" "node_exporter" | include "helm-toolkit.snippets.kubernetes_container_security_context" | indent 10 }}
command: command:
- /tmp/node-exporter.sh - /tmp/node-exporter.sh
ports: ports:

8
prometheus-node-exporter/values.yaml
View File

@ -37,6 +37,14 @@ labels:
node_selector_value: enabled node_selector_value: enabled
pod: pod:
security_context:
metrics:
pod:
runAsUser: 65534
container:
node_exporter:
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
affinity: affinity:
anti: anti:
type: type: