add securityContext fsGroup

0217e08b · OZG-Cloud Team · 2d6f1474 · 0217e08b · 0217e08b · 0217e08b
Commit 0217e08b authored 1 year ago by OZG-Cloud Team
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -139,9 +139,6 @@ spec:
          {{- with (.Values.securityContext).runAsGroup }}
          runAsGroup: {{ . }}
          {{- end }}
-          {{- with (.Values.securityContext).fsGroup }}
-          fsGroup: {{ . }}
-          {{- end }}
          {{- with (.Values.securityContext).capabilities }}
          capabilities:
 {{ toYaml . | indent 12 }}
@@ -170,5 +167,10 @@ spec:
 {{ toYaml . | indent 8 }}
      {{- end }}
      schedulerName: default-scheduler
+      {{- if (.Values.securityContext).fsGroup }}
+      securityContext:
+        fsGroup: {{ (.Values.securityContext).fsGroup }}
+      {{- else }}
      securityContext: {}
+      {{- end }}
      terminationGracePeriodSeconds: 30
\ No newline at end of file
--- a/src/test/helm/deployment_container_security_context_test.yaml
+++ b/src/test/helm/deployment_container_security_context_test.yaml
@@ -50,7 +50,7 @@ tests:
      - isNull:
          path: spec.template.spec.containers[0].securityContext.runAsGroup
      - isNull:
-          path: spec.template.spec.containers[0].securityContext.fsGroup
+          path: spec.template.spec.securityContext.fsGroup
      - isNull:
          path: spec.template.spec.containers[0].securityContext.capabilities
  - it: check runAsUser
@@ -72,7 +72,7 @@ tests:
      securityContext.fsGroup: 1000
    asserts:
      - equal:
-          path: spec.template.spec.containers[0].securityContext.fsGroup
+          path: spec.template.spec.securityContext.fsGroup
          value: 1000
  - it: check capabilities
    set:

--- a/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml
+++ b/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml
@@ -111,9 +111,6 @@ spec:
                {{- with (.Values.securityContext).runAsGroup }}
                runAsGroup: {{ . }}
                {{- end }}
-                {{- with (.Values.securityContext).fsGroup }}
-                fsGroup: {{ . }}
-                {{- end }}
                {{- with (.Values.securityContext).capabilities }}
                capabilities:
 {{ toYaml . | indent 18 }}
@@ -171,3 +168,9 @@ spec:
            {{ else }}
            - name: {{ include "app.name" . }}-image-pull-secret
            {{- end }}
+          {{- if (.Values.securityContext).fsGroup }}
+          securityContext:
+            fsGroup: {{ (.Values.securityContext).fsGroup }}
+          {{- else }}
+          securityContext: {}
+          {{- end }}
\ No newline at end of file
--- a/xta-adapter/src/test/helm/xta_adapter_cronjob_basic_test.yaml
+++ b/xta-adapter/src/test/helm/xta_adapter_cronjob_basic_test.yaml
@@ -105,7 +105,7 @@ tests:
    - isNull:
        path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.runAsGroup
    - isNull:
-        path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.fsGroup
+        path: spec.jobTemplate.spec.template.spec.securityContext.fsGroup
    - isNull:
        path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.capabilities
  - it: check runAsUser
@@ -135,7 +135,7 @@ tests:
      securityContext.fsGroup: 1000
    asserts:
      - equal:
-          path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.fsGroup
+          path: spec.jobTemplate.spec.template.spec.securityContext.fsGroup
          value: 1000
  - it: check capabilities
    set: