Commit 01652185 authored by Stefan Voshage's avatar Stefan Voshage

Dataport: Anpassung der Helm-Charts gemäß den Kyverno Richtlinien bei Dataport

Einrichtung eines Service Accounts
Einrichtung der Liveness-Probes
Einrichtung des Securitycontext
nach dem Vorbild des Alfa Helm-Charts
parent eeb1254b
...@@ -38,7 +38,9 @@ app.kubernetes.io/namespace: {{ include "app.namespace" . }} ...@@ -38,7 +38,9 @@ app.kubernetes.io/namespace: {{ include "app.namespace" . }}
{{- define "app.ssoRealm" -}} {{- define "app.ssoRealm" -}}
{{ printf "%s-%s-%s" (include "app.ozgcloudBundesland" .) ( include "app.ozgcloudBezeichner" . ) ( include "app.ozgcloudEnvironment" . ) | trunc 63 | trimSuffix "-" }} {{ printf "%s-%s-%s" (include "app.ozgcloudBundesland" .) ( include "app.ozgcloudBezeichner" . ) ( include "app.ozgcloudEnvironment" . ) | trunc 63 | trimSuffix "-" }}
{{- end -}} {{- end -}}
{{- define "app.serviceAccountName" -}}
{{ printf "%s" ( (.Values.serviceAccount).name | default "administration-service-account" ) }}
{{- end -}}
{{- define "app.ozgcloudBundesland" -}} {{- define "app.ozgcloudBundesland" -}}
{{- required "Bundesland muss angegeben sein" (.Values.ozgcloud).bundesland }} {{- required "Bundesland muss angegeben sein" (.Values.ozgcloud).bundesland }}
{{- end -}} {{- end -}}
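Review bot: `app.serviceAccountName` always resolves to a name (falling back to `administration-service-account`), but the deployment template only emits `serviceAccountName` when `serviceAccount.create` is true, so an existing account passed as `serviceAccount.name` with `create: false` is silently ignored and the pod runs under the namespace's `default` account. Letting the helper carry the decision keeps the pod identity explicit in both cases: `{{- if (.Values.serviceAccount).create }}{{ (.Values.serviceAccount).name | default "administration-service-account" }}{{- else }}{{ (.Values.serviceAccount).name | default "default" }}{{- end }}`, with the `if` around `serviceAccountName:` in the deployment dropped. The `printf "%s"` wrapper adds nothing and can go at the same time. Whether a ServiceAccount manifest is created under the same condition is not visible on this page and should be checked, along with `automountServiceAccountToken: false` if the workload does not call the Kubernetes API.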
......
...@@ -48,6 +48,9 @@ spec: ...@@ -48,6 +48,9 @@ spec:
{{- include "app.defaultLabels" . | indent 8 }} {{- include "app.defaultLabels" . | indent 8 }}
component: {{ .Release.Name }} component: {{ .Release.Name }}
spec: spec:
{{- if (.Values.serviceAccount).create }}
serviceAccountName: {{ include "app.serviceAccountName" . }}
{{- end }}
topologySpreadConstraints: topologySpreadConstraints:
- maxSkew: 1 - maxSkew: 1
topologyKey: kubernetes.io/hostname topologyKey: kubernetes.io/hostname
...@@ -142,6 +145,17 @@ spec: ...@@ -142,6 +145,17 @@ spec:
periodSeconds: 10 periodSeconds: 10
successThreshold: 1 successThreshold: 1
timeoutSeconds: 5 timeoutSeconds: 5
{{- if .Values.enableLivenessProbe }}
livenessProbe:
failureThreshold: 3
httpGet:
path: /actuator/health/liveness
port: 8081
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 3
{{- end }}
resources: resources:
{{- with .Values.resources }} {{- with .Values.resources }}
{{ toYaml . | indent 10 }} {{ toYaml . | indent 10 }}
...@@ -151,6 +165,16 @@ spec: ...@@ -151,6 +165,16 @@ spec:
privileged: false privileged: false
readOnlyRootFilesystem: false readOnlyRootFilesystem: false
runAsNonRoot: true runAsNonRoot: true
{{- with (.Values.securityContext).runAsUser }}
runAsUser: {{ . }}
{{- end }}
{{- with (.Values.securityContext).runAsGroup }}
runAsGroup: {{ . }}
{{- end }}
{{- with (.Values.securityContext).capabilities }}
capabilities:
{{ toYaml . | indent 12 }}
{{- end }}
stdin: true stdin: true
terminationMessagePath: /dev/termination-log terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File terminationMessagePolicy: File
...@@ -178,5 +202,8 @@ spec: ...@@ -178,5 +202,8 @@ spec:
- name: {{ required "image-pull-secret must be set" .Values.imagePullSecret }} - name: {{ required "image-pull-secret must be set" .Values.imagePullSecret }}
restartPolicy: Always restartPolicy: Always
schedulerName: default-scheduler schedulerName: default-scheduler
securityContext: {} {{- with .Values.podSecurityContext }}
terminationGracePeriodSeconds: 300000000 securityContext:
\ No newline at end of file {{ toYaml . | indent 8 }}
{{- end }}
terminationGracePeriodSeconds: 30
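Review bot: The container `securityContext` additions are all opt-in, so with default values the container keeps the runtime's default capability set: the `with (.Values.securityContext).capabilities` block renders nothing when the value is unset. A restrictive default would fit the commit's stated aim of meeting the Kyverno policies, for example an `{{- else }}` branch that emits `capabilities:` / `drop: ["ALL"]` at the same indentation. The `securityContext` block starts above the hunk, so whether `allowPrivilegeEscalation: false` is already set cannot be seen here and should be confirmed; `readOnlyRootFilesystem: false` remains hard-coded in the context lines. `with` also skips falsy values, so a configured `runAsUser: 0` is dropped silently rather than rejected, which is harmless next to `runAsNonRoot: true` but deserves a short comment in the template.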