From c501736c15bf4429189c252f3b366e4580ac3cf3 Mon Sep 17 00:00:00 2001
From: Thibault Mange <22740367+thibaultmg@users.noreply.github.com>
Date: Mon, 16 Oct 2023 15:40:32 +0200
Subject: [PATCH] reset security context for store
Signed-off-by: Thibault Mange <22740367+thibaultmg@users.noreply.github.com>
---
 .../rhobs/observatorium-metrics-store-default-template.yaml | 4 +---
 .../rhobs/observatorium-metrics-store-rhel-template.yaml | 4 +---
 .../rhobs/observatorium-metrics-store-telemeter-template.yaml | 4 +---
 .../rhobs/observatorium-metrics-store-default-template.yaml | 4 +---
 .../rhobs/observatorium-metrics-store-rhel-template.yaml | 4 +---
 .../rhobs/observatorium-metrics-store-telemeter-template.yaml | 4 +---
 services_go/observatorium/metrics.go | 1 +
 7 files changed, 7 insertions(+), 18 deletions(-)
diff --git a/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-default-template.yaml b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-default-template.yaml
index cbdf40760b..76a6731679 100755
--- a/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-default-template.yaml
+++ b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-default-template.yaml
@@ -363,9 +363,7 @@ objects:
 name: hashmod-config
 nodeSelector:
 kubernetes.io/os: linux
- securityContext:
- fsGroup: 65534
- runAsUser: 65534
+ securityContext: {}
 serviceAccountName: observatorium-thanos-store-default
 terminationGracePeriodSeconds: 120
 volumes:
diff --git a/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-rhel-template.yaml b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-rhel-template.yaml
index daca250d1c..60f0be4d25 100755
--- a/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-rhel-template.yaml
+++ b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-rhel-template.yaml
@@ -363,9 +363,7 @@ objects:
 name: hashmod-config
 nodeSelector:
 kubernetes.io/os: linux
- securityContext:
- fsGroup: 65534
- runAsUser: 65534
+ securityContext: {}
 serviceAccountName: observatorium-thanos-store-rhel
 terminationGracePeriodSeconds: 120
 volumes:
diff --git a/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-telemeter-template.yaml b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-telemeter-template.yaml
index d6b84a41db..4afceefd60 100755
--- a/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-telemeter-template.yaml
+++ b/resources/services/app-sre-stage-01/rhobs/observatorium-metrics-store-telemeter-template.yaml
@@ -363,9 +363,7 @@ objects:
 name: hashmod-config
 nodeSelector:
 kubernetes.io/os: linux
- securityContext:
- fsGroup: 65534
- runAsUser: 65534
+ securityContext: {}
 serviceAccountName: observatorium-thanos-store-telemeter
 terminationGracePeriodSeconds: 120
 volumes:
diff --git a/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-default-template.yaml b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-default-template.yaml
index cbdf40760b..76a6731679 100755
--- a/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-default-template.yaml
+++ b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-default-template.yaml
@@ -363,9 +363,7 @@ objects:
 name: hashmod-config
 nodeSelector:
 kubernetes.io/os: linux
- securityContext:
- fsGroup: 65534
- runAsUser: 65534
+ securityContext: {}
 serviceAccountName: observatorium-thanos-store-default
 terminationGracePeriodSeconds: 120
 volumes:
diff --git a/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-rhel-template.yaml b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-rhel-template.yaml
index daca250d1c..60f0be4d25 100755
--- a/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-rhel-template.yaml
+++ b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-rhel-template.yaml
@@ -363,9 +363,7 @@ objects:
 name: hashmod-config
 nodeSelector:
 kubernetes.io/os: linux
- securityContext:
- fsGroup: 65534
- runAsUser: 65534
+ securityContext: {}
 serviceAccountName: observatorium-thanos-store-rhel
 terminationGracePeriodSeconds: 120
 volumes:
diff --git a/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-telemeter-template.yaml b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-telemeter-template.yaml
index d6b84a41db..4afceefd60 100755
--- a/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-telemeter-template.yaml
+++ b/resources/services/telemeter-prod-01/rhobs/observatorium-metrics-store-telemeter-template.yaml
@@ -363,9 +363,7 @@ objects:
 name: hashmod-config
 nodeSelector:
 kubernetes.io/os: linux
- securityContext:
- fsGroup: 65534
- runAsUser: 65534
+ securityContext: {}
 serviceAccountName: observatorium-thanos-store-telemeter
 terminationGracePeriodSeconds: 120
 volumes:
diff --git a/services_go/observatorium/metrics.go b/services_go/observatorium/metrics.go
index aae56058f9..d23424a8de 100644
--- a/services_go/observatorium/metrics.go
+++ b/services_go/observatorium/metrics.go
@@ -170,6 +170,7 @@ func makeStore(namespace, imageTag string, cfg ThanosTenantConfig[store.StoreSta
 storeStatefulSet.Image = thanosImage
 storeStatefulSet.ImageTag = imageTag
 storeStatefulSet.Namespace = namespace
+ storeStatefulSet.SecurityContext = corev1.PodSecurityContext{}
 storeStatefulSet.Affinity.PodAntiAffinity.PreferredDuringSchedulingIgnoredDuringExecution[0].PodAffinityTerm.Namespaces = []string{}
 storeStatefulSet.Replicas = 1
 delete(storeStatefulSet.PodResources.Limits, corev1.ResourceCPU)
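Review bot: The added line `storeStatefulSet.SecurityContext = corev1.PodSecurityContext{}` in makeStore clears the pod security context with no comment saying why, and after it nothing in the six store templates pins a non-root identity: each goes from `runAsUser: 65534` / `fsGroup: 65534` to `securityContext: {}`. If the intent is to let the cluster's admission policy assign the UID and fsGroup (presumably OpenShift SCCs, which this patch does not show), record that next to the assignment, e.g. `// Cleared so the platform assigns UID/fsGroup; non-root is enforced by admission, not by this manifest.` Consider keeping a guard that does not fix a UID, such as setting `RunAsNonRoot` to true in the PodSecurityContext, so the pod is rejected rather than started as root on a cluster whose policy does not enforce it. Dropping `fsGroup` may also change group ownership of the store's mounted volumes, so it is worth confirming the data directory stays writable in both stage and prod. makeStore starts and ends outside the hunk, so a container-level security context set elsewhere may already cover part of this.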