INT-7432 security context for openshift (#34)

OpenShift requires the red hat image (optional) and these security settings to alleviate warnings. These changes are fine for other k8s implementations like minikube using the stock container from docker hub.
2022-11-17 11:05:22 -05:00 · 2022-11-17 11:05:22 -05:00 · c8b1ad3059
commit c8b1ad3059
parent 7dd8cd5112
2 changed files with 16 additions and 2 deletions
--- a/nexus-repository-manager/templates/deployment.yaml
+++ b/nexus-repository-manager/templates/deployment.yaml
@ -59,7 +59,14 @@ spec:
        - name: {{ .Chart.Name }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
-
+          securityContext:
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+            seccompProfile:
+              type: RuntimeDefault
+            capabilities:
+              drop:
+                - ALL
          lifecycle:
          {{- if .Values.deployment.postStart.command }}
            postStart:
--- a/nexus-repository-manager/tests/deployment_test.yaml
+++ b/nexus-repository-manager/tests/deployment_test.yaml
@ -36,7 +36,14 @@ tests:
          pattern: sonatype/nexus3:3\.\d+\.\d+
      - equal:
          path: spec.template.spec.containers[0].securityContext
-          value: null
+          value: 
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            runAsNonRoot: true
+            seccompProfile:
+              type: RuntimeDefault
      - equal:
          path: spec.template.spec.containers[0].imagePullPolicy
          value: IfNotPresent