From 9efd1c55dc4f45dfdb59651b1ab3aeaba5c57dcd Mon Sep 17 00:00:00 2001 From: asararatnakar Date: Thu, 7 Mar 2024 15:27:36 -0500 Subject: [PATCH] Add the changes for existing deployments Signed-off-by: asararatnakar --- pkg/offering/base/ca/override/deployment.go | 4 ++++ pkg/offering/base/console/override/deployment.go | 5 +++++ pkg/offering/base/orderer/override/deployment.go | 4 ++++ pkg/offering/base/peer/override/deployment.go | 5 +++++ pkg/offering/common/override.go | 10 ++++++++++ 5 files changed, 28 insertions(+) diff --git a/pkg/offering/base/ca/override/deployment.go b/pkg/offering/base/ca/override/deployment.go index 4e9077da..6773852b 100644 --- a/pkg/offering/base/ca/override/deployment.go +++ b/pkg/offering/base/ca/override/deployment.go @@ -33,6 +33,7 @@ import ( "github.com/IBM-Blockchain/fabric-operator/pkg/manager/resources/deployment" dep "github.com/IBM-Blockchain/fabric-operator/pkg/manager/resources/deployment" "github.com/IBM-Blockchain/fabric-operator/pkg/manager/resources/serviceaccount" + "github.com/IBM-Blockchain/fabric-operator/pkg/offering/common" "github.com/IBM-Blockchain/fabric-operator/pkg/util" appsv1 "k8s.io/api/apps/v1" @@ -182,6 +183,9 @@ func (o *Override) CommonDeployment(instance *current.IBPCA, deployment *dep.Dep deployment.SetReplicas(instance.Spec.Replicas) } + // set seccompProfile to RuntimeDefault + common.GetPodSecurityContext(caCont) + return nil } diff --git a/pkg/offering/base/console/override/deployment.go b/pkg/offering/base/console/override/deployment.go index b65add0b..252089bb 100644 --- a/pkg/offering/base/console/override/deployment.go +++ b/pkg/offering/base/console/override/deployment.go @@ -319,6 +319,11 @@ func (o *Override) CommonDeployment(instance *current.IBPConsole, deployment *de } init.SetCommand([]string{"sh", "-c", initCommand}) + // set seccompProfile to RuntimeDefault + common.GetPodSecurityContext(console) + common.GetPodSecurityContext(deployer) + common.GetPodSecurityContext(configtxlator) + return nil } diff --git a/pkg/offering/base/orderer/override/deployment.go b/pkg/offering/base/orderer/override/deployment.go index 35a97a1b..45c60c0c 100644 --- a/pkg/offering/base/orderer/override/deployment.go +++ b/pkg/offering/base/orderer/override/deployment.go @@ -317,6 +317,10 @@ func (o *Override) CommonDeploymentOverrides(instance *current.IBPOrderer, deplo deployment.UpdateContainer(grpcProxy) deployment.UpdateInitContainer(initCont) + // set seccompProfile to RuntimeDefault + common.GetPodSecurityContext(orderer) + common.GetPodSecurityContext(grpcProxy) + return nil } diff --git a/pkg/offering/base/peer/override/deployment.go b/pkg/offering/base/peer/override/deployment.go index 49ce5d6d..9fd49162 100644 --- a/pkg/offering/base/peer/override/deployment.go +++ b/pkg/offering/base/peer/override/deployment.go @@ -756,6 +756,11 @@ func (o *Override) CommonDeploymentOverrides(instance *current.IBPPeer, deployme deployment.UpdateContainer(peerContainer) deployment.UpdateContainer(grpcContainer) + + // set seccompProfile to RuntimeDefault + common.GetPodSecurityContext(peerContainer) + common.GetPodSecurityContext(grpcContainer) + return nil } diff --git a/pkg/offering/common/override.go b/pkg/offering/common/override.go index 29a4e941..d6ee83f9 100644 --- a/pkg/offering/common/override.go +++ b/pkg/offering/common/override.go @@ -19,6 +19,7 @@ package common import ( + container "github.com/IBM-Blockchain/fabric-operator/pkg/manager/resources/container" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" ) @@ -106,3 +107,12 @@ func GetPodAntiAffinity(orgName string) *corev1.PodAntiAffinity { }, } } + +func GetPodSecurityContext(con container.Container) { + secContext := con.SecurityContext + if secContext.SeccompProfile == nil { + secContext.SeccompProfile = &corev1.SeccompProfile{ + Type: corev1.SeccompProfileTypeRuntimeDefault, + } + } +}