Skip to content

Commit

Permalink
Set the security Context for Couchdb Container of Console (#182)
Browse files Browse the repository at this point in the history
  • Loading branch information
@shoaebjindani
shoaebjindani authored Mar 28, 2024
1 parent 6bd11be commit 06995d6
Show file tree
Hide file tree
Showing 5 changed files with 11 additions and 10 deletions.
2 changes: 1 addition & 1 deletion pkg/offering/base/ca/override/deployment.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -184,7 +184,7 @@ func (o *Override) CommonDeployment(instance *current.IBPCA, deployment *dep.Dep
}

// set seccompProfile to RuntimeDefault
common.GetPodSecurityContext(caCont)
common.SetPodSecurityContext(caCont)

return nil
}
Expand Down
8 changes: 4 additions & 4 deletions pkg/offering/base/console/override/deployment.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -189,7 +189,7 @@ func (o *Override) CommonDeployment(instance *current.IBPConsole, deployment *de
resourcesRequest := instance.Spec.Resources
if !instance.Spec.UsingRemoteDB() {
couchdb := deployment.MustGetContainer(COUCHDB)

common.SetPodSecurityContext(couchdb)
if instance.Spec.ConnectionString != "" {
connectionURL, err := url.Parse(instance.Spec.ConnectionString)
if err != nil {
Expand Down Expand Up @@ -320,9 +320,9 @@ func (o *Override) CommonDeployment(instance *current.IBPConsole, deployment *de
init.SetCommand([]string{"sh", "-c", initCommand})

// set seccompProfile to RuntimeDefault
common.GetPodSecurityContext(console)
common.GetPodSecurityContext(deployer)
common.GetPodSecurityContext(configtxlator)
common.SetPodSecurityContext(console)
common.SetPodSecurityContext(deployer)
common.SetPodSecurityContext(configtxlator)

return nil
}
Expand Down
4 changes: 2 additions & 2 deletions pkg/offering/base/orderer/override/deployment.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -318,8 +318,8 @@ func (o *Override) CommonDeploymentOverrides(instance *current.IBPOrderer, deplo
deployment.UpdateInitContainer(initCont)

// set seccompProfile to RuntimeDefault
common.GetPodSecurityContext(orderer)
common.GetPodSecurityContext(grpcProxy)
common.SetPodSecurityContext(orderer)
common.SetPodSecurityContext(grpcProxy)

return nil
}
Expand Down
4 changes: 2 additions & 2 deletions pkg/offering/base/peer/override/deployment.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -734,8 +734,8 @@ func (o *Override) CommonDeploymentOverrides(instance *current.IBPPeer, deployme
deployment.UpdateContainer(grpcContainer)

// set seccompProfile to RuntimeDefault
common.GetPodSecurityContext(peerContainer)
common.GetPodSecurityContext(grpcContainer)
common.SetPodSecurityContext(peerContainer)
common.SetPodSecurityContext(grpcContainer)

return nil
}
Expand Down
3 changes: 2 additions & 1 deletion pkg/offering/common/override.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -108,11 +108,12 @@ func GetPodAntiAffinity(orgName string) *corev1.PodAntiAffinity {
}
}

func GetPodSecurityContext(con container.Container) {
func SetPodSecurityContext(con container.Container) {
secContext := con.SecurityContext
if secContext.SeccompProfile == nil {
secContext.SeccompProfile = &corev1.SeccompProfile{
Type: corev1.SeccompProfileTypeRuntimeDefault,
}
}
con.SecurityContext = secContext
}

0 comments on commit 06995d6

Please sign in to comment.