From 1978fe4e44f85a3a9e60aa5376366ae2e84279bb Mon Sep 17 00:00:00 2001 From: Gerrit Kieffer Date: Thu, 2 Jan 2025 14:35:41 +0100 Subject: [PATCH] Add securityContext to initContainers --- helm/polaris/templates/deployment.yaml | 4 ++++ helm/polaris/templates/job.yaml | 4 ++++ helm/polaris/tests/deployment_test.yaml | 24 +++++++++++++++++++++++ helm/polaris/tests/job_test.yaml | 26 +++++++++++++++++++++++++ 4 files changed, 58 insertions(+) diff --git a/helm/polaris/templates/deployment.yaml b/helm/polaris/templates/deployment.yaml index 463e9f2ff..286baafd1 100644 --- a/helm/polaris/templates/deployment.yaml +++ b/helm/polaris/templates/deployment.yaml @@ -56,6 +56,10 @@ spec: imagePullPolicy: {{ tpl .Values.toolsImage.pullPolicy . }} command: ["jar"] args: ["-cf", "/eclipselink-config/conf.jar", "-C", "/secret", "persistence.xml"] + {{- if .Values.securityContext}} + securityContext: + {{- tpl (toYaml .Values.securityContext) . | nindent 12 }} + {{- end }} volumeMounts: - name: eclipselink-config-volume mountPath: /eclipselink-config diff --git a/helm/polaris/templates/job.yaml b/helm/polaris/templates/job.yaml index 5709f5c4b..5dc54b2bb 100644 --- a/helm/polaris/templates/job.yaml +++ b/helm/polaris/templates/job.yaml @@ -50,6 +50,10 @@ spec: imagePullPolicy: {{ tpl .Values.toolsImage.pullPolicy . }} command: ["jar"] args: ["-cf", "/eclipselink-config/conf.jar", "-C", "/secret", "persistence.xml"] + {{- if .Values.securityContext}} + securityContext: + {{- tpl (toYaml .Values.securityContext) . | nindent 12 }} + {{- end }} volumeMounts: - name: eclipselink-config-volume mountPath: /eclipselink-config diff --git a/helm/polaris/tests/deployment_test.yaml b/helm/polaris/tests/deployment_test.yaml index b87177fbd..161f27383 100644 --- a/helm/polaris/tests/deployment_test.yaml +++ b/helm/polaris/tests/deployment_test.yaml 
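Review bot: The init container's new `securityContext` block is fed from `.Values.securityContext`, apparently the same value the chart uses for the main container, and nothing in the template says so. A setting chosen for the server image, such as a fixed `runAsUser`, is therefore applied unchanged to the tools image that reads `/secret` and writes `/eclipselink-config/conf.jar`. I would put a template comment above the `if`, for example `{{- /* same securityContext as the main container; the tools image must be able to run jar under it */ -}}`, and note the sharing wherever the value is documented (not visible in this patch). When the value is unset the init container still renders with no container-level securityContext while it handles the persistence secret, so a hardened default is worth considering. The identical block in `helm/polaris/templates/job.yaml` raises the same point, and both container specs start and end outside their hunks.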
@@ -299,6 +299,30 @@ tests: content: runAsUser: 1000 + # spec.template.spec.containers[0].securityContext + - it: should not set initContainer securityContext by default + set: + persistenceConfigSecret: polaris-persistence-secret + polarisServerConfig: + metaStoreManager: + conf-file: /eclipselink-config/conf.jar!/persistence.xml + asserts: + - notExists: + path: spec.template.spec.initContainers[0].securityContext + - it: should set initContainer securityContext + set: + persistenceConfigSecret: polaris-persistence-secret + polarisServerConfig: + metaStoreManager: + conf-file: /eclipselink-config/conf.jar!/persistence.xml + securityContext: + runAsUser: 1000 + asserts: + - isSubset: + path: spec.template.spec.initContainers[0].securityContext + content: + runAsUser: 1000 + # spec.template.spec.containers[0].image - it: should set container image set: diff --git a/helm/polaris/tests/job_test.yaml b/helm/polaris/tests/job_test.yaml index 09e7f1df1..4c83e7e27 100644 --- a/helm/polaris/tests/job_test.yaml +++ b/helm/polaris/tests/job_test.yaml 
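Review bot: The section comment above the two new cases still reads `# spec.template.spec.containers[0].securityContext`, but both cases assert on `spec.template.spec.initContainers[0].securityContext`; it should be `# spec.template.spec.initContainers[0].securityContext`. The same copied comment heads the new cases in `helm/polaris/tests/job_test.yaml`. The positive case sets only `runAsUser: 1000`, so a nested value is never rendered through `nindent 12`. Adding something like `capabilities: {drop: ["ALL"]}` to `set` and to the `isSubset` content would check that a realistic hardening block lands under the init container intact.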
@@ -296,6 +296,32 @@ tests: content: runAsUser: 1000 + # spec.template.spec.containers[0].securityContext (with bootstrapMetastoreManager enabled) + - it: should not set initContainer securityContext by default + set: + bootstrapMetastoreManager: true + persistenceConfigSecret: polaris-persistence-secret + polarisServerConfig: + metaStoreManager: + conf-file: /eclipselink-config/conf.jar!/persistence.xml + asserts: + - notExists: + path: spec.template.spec.initContainers[0].securityContext + - it: should set initContainer securityContext + set: + bootstrapMetastoreManager: true + persistenceConfigSecret: polaris-persistence-secret + polarisServerConfig: + metaStoreManager: + conf-file: /eclipselink-config/conf.jar!/persistence.xml + securityContext: + runAsUser: 1000 + asserts: + - isSubset: + path: spec.template.spec.initContainers[0].securityContext + content: + runAsUser: 1000 + # spec.template.spec.containers[0].image (with bootstrapMetastoreManager enabled) - it: should set container image set: