Add the changes for existing deployments

Signed-off-by: asararatnakar <[email protected]>
hyperledger-labs · Mar 7, 2024 · 9efd1c5 · 9efd1c5
1 parent bc51ee1
commit 9efd1c5
Show file tree

Hide file tree

Showing 5 changed files with 28 additions and 0 deletions.
diff --git a/pkg/offering/base/ca/override/deployment.go b/pkg/offering/base/ca/override/deployment.go
@@ -33,6 +33,7 @@ import (
 	"github.com/IBM-Blockchain/fabric-operator/pkg/manager/resources/deployment"
 	dep "github.com/IBM-Blockchain/fabric-operator/pkg/manager/resources/deployment"
 	"github.com/IBM-Blockchain/fabric-operator/pkg/manager/resources/serviceaccount"
+	"github.com/IBM-Blockchain/fabric-operator/pkg/offering/common"
 	"github.com/IBM-Blockchain/fabric-operator/pkg/util"
 
 	appsv1 "k8s.io/api/apps/v1"
@@ -182,6 +183,9 @@ func (o *Override) CommonDeployment(instance *current.IBPCA, deployment *dep.Dep
 		deployment.SetReplicas(instance.Spec.Replicas)
 	}
 
+	// set seccompProfile to RuntimeDefault
+	common.GetPodSecurityContext(caCont)
+
 	return nil
 }
 

diff --git a/pkg/offering/base/console/override/deployment.go b/pkg/offering/base/console/override/deployment.go
@@ -319,6 +319,11 @@ func (o *Override) CommonDeployment(instance *current.IBPConsole, deployment *de
 	}
 	init.SetCommand([]string{"sh", "-c", initCommand})
 
+	// set seccompProfile to RuntimeDefault
+	common.GetPodSecurityContext(console)
+	common.GetPodSecurityContext(deployer)
+	common.GetPodSecurityContext(configtxlator)
+
 	return nil
 }
 

diff --git a/pkg/offering/base/orderer/override/deployment.go b/pkg/offering/base/orderer/override/deployment.go
@@ -317,6 +317,10 @@ func (o *Override) CommonDeploymentOverrides(instance *current.IBPOrderer, deplo
 	deployment.UpdateContainer(grpcProxy)
 	deployment.UpdateInitContainer(initCont)
 
+	// set seccompProfile to RuntimeDefault
+	common.GetPodSecurityContext(orderer)
+	common.GetPodSecurityContext(grpcProxy)
+
 	return nil
 }
 

diff --git a/pkg/offering/base/peer/override/deployment.go b/pkg/offering/base/peer/override/deployment.go
@@ -756,6 +756,11 @@ func (o *Override) CommonDeploymentOverrides(instance *current.IBPPeer, deployme
 
 	deployment.UpdateContainer(peerContainer)
 	deployment.UpdateContainer(grpcContainer)
+
+	// set seccompProfile to RuntimeDefault
+	common.GetPodSecurityContext(peerContainer)
+	common.GetPodSecurityContext(grpcContainer)
+
 	return nil
 }
 

diff --git a/pkg/offering/common/override.go b/pkg/offering/common/override.go
@@ -19,6 +19,7 @@
 package common
 
 import (
+	container "github.com/IBM-Blockchain/fabric-operator/pkg/manager/resources/container"
 	corev1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
@@ -106,3 +107,12 @@ func GetPodAntiAffinity(orgName string) *corev1.PodAntiAffinity {
 		},
 	}
 }
+
+func GetPodSecurityContext(con container.Container) {
+	secContext := con.SecurityContext
+	if secContext.SeccompProfile == nil {
+		secContext.SeccompProfile = &corev1.SeccompProfile{
+			Type: corev1.SeccompProfileTypeRuntimeDefault,
+		}
+	}
+}