From cc2e4f5c2ce2d0b7c775d6fc7277c88982ddafc5 Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Mon, 8 May 2023 10:10:31 +0200
Subject: [PATCH] OZG-3363 add helm securityContext
---
 .../helm/templates/xta_adapter_cronjob.yaml | 5 +++++
 .../helm/xta_adapter_cronjob_basic_test.yaml | 18 +++++++++++++++++-
 2 files changed, 22 insertions(+), 1 deletion(-)
diff --git a/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml b/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml
index d72900a95..7b781db23 100644
--- a/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml
+++ b/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml
@@ -94,6 +94,11 @@ spec:
 mountPath: "/workspace/keystore/xta-keystore.p12"
 subPath: file
 readOnly: true
+ securityContext:
+ allowPrivilegeEscalation: false
+ privileged: false
+ readOnlyRootFilesystem: false
+ runAsNonRoot: false
 volumes:
 - name: bindings
 configMap:
diff --git a/xta-adapter/src/test/helm/xta_adapter_cronjob_basic_test.yaml b/xta-adapter/src/test/helm/xta_adapter_cronjob_basic_test.yaml
index 0d9342a41..3e0ec759c 100644
--- a/xta-adapter/src/test/helm/xta_adapter_cronjob_basic_test.yaml
+++ b/xta-adapter/src/test/helm/xta_adapter_cronjob_basic_test.yaml
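Review bot: `runAsNonRoot: false` and `readOnlyRootFilesystem: false` in the securityContext added to xta_adapter_cronjob.yaml are the permissive values, so the container may still start as UID 0 with a writable root filesystem; only privilege escalation and privileged mode are actually restricted. This container mounts the XTA keystore (`/workspace/keystore/xta-keystore.p12`), so `runAsNonRoot: true` and `readOnlyRootFilesystem: true` are worth setting if the image supports them; the image's user and write paths are not visible here, so that needs confirming, and an emptyDir for scratch paths may be required. Dropping all capabilities and setting a RuntimeDefault seccomp profile would complete the hardening. The new test in xta_adapter_cronjob_basic_test.yaml asserts the same two `false` values and would have to change with it. The container spec begins outside this hunk.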
@@ -83,4 +83,20 @@ tests:
 asserts:
 - equal:
 path: spec.jobTemplate.spec.template.spec.containers[0].image
- value: "docker.ozg-sh.de/xta-adapter:9.9.99"
\ No newline at end of file
+ value: "docker.ozg-sh.de/xta-adapter:9.9.99"
+
+ - it: check securityContext
+ template: xta_adapter_cronjob.yaml
+ asserts:
+ - equal:
+ path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation
+ value: false
+ - equal:
+ path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.privileged
+ value: false
+ - equal:
+ path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem
+ value: false
+ - equal:
+ path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.runAsNonRoot
+ value: false
\ No newline at end of file
-- GitLab
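Review bot: The file still ends without a trailing newline after the last added `value: false` (the second `\ No newline at end of file` marker), so the next append will again show a spurious one-line change on that line; end the file with a newline. The four per-field `equal` asserts could also be one `equal` on `spec.jobTemplate.spec.template.spec.containers[0].securityContext` with the whole mapping as its value, which would additionally catch keys that are added or dropped later.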