From 06995d6b7da635e13d1b3b0958a990e89db8e988 Mon Sep 17 00:00:00 2001 From: shoaebjindani <40020259+shoaebjindani@users.noreply.github.com> Date: Thu, 28 Mar 2024 17:27:27 +0530 Subject: [PATCH] Set the security Context for Couchdb Container of Console (#182) --- pkg/offering/base/ca/override/deployment.go | 2 +- pkg/offering/base/console/override/deployment.go | 8 ++++---- pkg/offering/base/orderer/override/deployment.go | 4 ++-- pkg/offering/base/peer/override/deployment.go | 4 ++-- pkg/offering/common/override.go | 3 ++- 5 files changed, 11 insertions(+), 10 deletions(-) diff --git a/pkg/offering/base/ca/override/deployment.go b/pkg/offering/base/ca/override/deployment.go index 6773852b..9d135c2d 100644 --- a/pkg/offering/base/ca/override/deployment.go +++ b/pkg/offering/base/ca/override/deployment.go @@ -184,7 +184,7 @@ func (o *Override) CommonDeployment(instance *current.IBPCA, deployment *dep.Dep } // set seccompProfile to RuntimeDefault - common.GetPodSecurityContext(caCont) + common.SetPodSecurityContext(caCont) return nil } diff --git a/pkg/offering/base/console/override/deployment.go b/pkg/offering/base/console/override/deployment.go index 252089bb..29d06a1d 100644 --- a/pkg/offering/base/console/override/deployment.go +++ b/pkg/offering/base/console/override/deployment.go @@ -189,7 +189,7 @@ func (o *Override) CommonDeployment(instance *current.IBPConsole, deployment *de resourcesRequest := instance.Spec.Resources if !instance.Spec.UsingRemoteDB() { couchdb := deployment.MustGetContainer(COUCHDB) - + common.SetPodSecurityContext(couchdb) if instance.Spec.ConnectionString != "" { connectionURL, err := url.Parse(instance.Spec.ConnectionString) if err != nil { @@ -320,9 +320,9 @@ func (o *Override) CommonDeployment(instance *current.IBPConsole, deployment *de init.SetCommand([]string{"sh", "-c", initCommand}) // set seccompProfile to RuntimeDefault - common.GetPodSecurityContext(console) - common.GetPodSecurityContext(deployer) - common.GetPodSecurityContext(configtxlator) + common.SetPodSecurityContext(console) + common.SetPodSecurityContext(deployer) + common.SetPodSecurityContext(configtxlator) return nil } diff --git a/pkg/offering/base/orderer/override/deployment.go b/pkg/offering/base/orderer/override/deployment.go index 45c60c0c..eac6c187 100644 --- a/pkg/offering/base/orderer/override/deployment.go +++ b/pkg/offering/base/orderer/override/deployment.go @@ -318,8 +318,8 @@ func (o *Override) CommonDeploymentOverrides(instance *current.IBPOrderer, deplo deployment.UpdateInitContainer(initCont) // set seccompProfile to RuntimeDefault - common.GetPodSecurityContext(orderer) - common.GetPodSecurityContext(grpcProxy) + common.SetPodSecurityContext(orderer) + common.SetPodSecurityContext(grpcProxy) return nil } diff --git a/pkg/offering/base/peer/override/deployment.go b/pkg/offering/base/peer/override/deployment.go index accf4759..dfb4c420 100644 --- a/pkg/offering/base/peer/override/deployment.go +++ b/pkg/offering/base/peer/override/deployment.go @@ -734,8 +734,8 @@ func (o *Override) CommonDeploymentOverrides(instance *current.IBPPeer, deployme deployment.UpdateContainer(grpcContainer) // set seccompProfile to RuntimeDefault - common.GetPodSecurityContext(peerContainer) - common.GetPodSecurityContext(grpcContainer) + common.SetPodSecurityContext(peerContainer) + common.SetPodSecurityContext(grpcContainer) return nil } diff --git a/pkg/offering/common/override.go b/pkg/offering/common/override.go index d6ee83f9..4f8db99e 100644 --- a/pkg/offering/common/override.go +++ b/pkg/offering/common/override.go @@ -108,11 +108,12 @@ func GetPodAntiAffinity(orgName string) *corev1.PodAntiAffinity { } } -func GetPodSecurityContext(con container.Container) { +func SetPodSecurityContext(con container.Container) { secContext := con.SecurityContext if secContext.SeccompProfile == nil { secContext.SeccompProfile = &corev1.SeccompProfile{ Type: corev1.SeccompProfileTypeRuntimeDefault, } } + con.SecurityContext = secContext }