From 2fd7fe723ef2c26027cc36f2682c1c4eeac2057b Mon Sep 17 00:00:00 2001
From: Maksim Fedotov
Date: Thu, 14 Nov 2024 22:53:46 +0300
Subject: [PATCH] fix nobody user check & duplicate securityContext in helper
Signed-off-by: Maksim Fedotov
---
 templates/kube-rbac-proxy/_helpers.tpl | 16 +++++++++-------
 1 file changed, 9 insertions(+), 7 deletions(-)
diff --git a/templates/kube-rbac-proxy/_helpers.tpl b/templates/kube-rbac-proxy/_helpers.tpl
index 66cda0c64..ece3d252f 100644
--- a/templates/kube-rbac-proxy/_helpers.tpl
+++ b/templates/kube-rbac-proxy/_helpers.tpl
@@ -10,8 +10,10 @@
 {{- $settings := index . 1 }}
 - name: {{ $settings.containerName | default "kube-rbac-proxy" }}
 {{- include "helm_lib_module_container_security_context_read_only_root_filesystem" $ctx | nindent 2 }}
- {{- if $settings.runAsUserNobody | default true }}
- {{- include "helm_lib_module_pod_security_context_run_as_user_nobody" . | nindent 2}}
+ {{- if eq $settings.runAsUserNobody true }}
+ runAsNonRoot: true
+ runAsUser: 65534
+ runAsGroup: 65534
 {{- end }}
 image: {{ include "helm_lib_module_common_image" (list $ctx "kubeRbacProxy") }}
 args:
@@ -35,11 +37,11 @@
 path: {{ $settings.path | default "/metrics" }}
 authorization:
 resourceAttributes:
- namespace: {{ $settings.namespace }}
- apiGroup: {{ $settings.apiGroup }}
- apiVersion: {{ $settings.apiVersion }}
- resource: {{ $settings.resource }}
- subresource: {{ $settings.subresource }}
+ namespace: {{ $settings.namespace | default "d8-virtualization" }}
+ apiGroup: {{ $settings.apiGroup | default "apps" }}
+ apiVersion: {{ $settings.apiVersion | default "v1" }}
+ resource: {{ $settings.resource | default "deployment" }}
+ subresource: {{ $settings.subresource | default "prometheus-metrics" }}
 name: {{ $settings.name }}
 resources:
 requests:
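Review bot: The new guard `{{- if eq $settings.runAsUserNobody true }}` makes the non-root identity opt-in: a caller that leaves `runAsUserNobody` unset now gets a container without `runAsNonRoot`/`runAsUser`/`runAsGroup`, whereas the removed line intended a default of true (and on some template engine versions `eq` against a missing key may fail rendering instead). The old `| default true` could never be switched off because `default` treats false as empty, so a fix is warranted, but the secure default can be kept with `{{- if or (not (hasKey $settings "runAsUserNobody")) $settings.runAsUserNobody }}`, assuming `$settings` is a dict. The three bare keys also rely on the preceding include ending inside a `securityContext:` mapping at the matching indent, which cannot be confirmed from this hunk; a short template comment stating that these keys extend the securityContext emitted by the include above would record that coupling. The enclosing define starts and ends outside the hunk.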
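Review bot: The added `default` values under `resourceAttributes` make a missing or misspelled setting fall back silently to `d8-virtualization` / `apps` / `deployment` / `prometheus-metrics`, so the access check kube-rbac-proxy performs may be evaluated against a resource unrelated to the workload it fronts instead of failing at render time. For fields that decide authorization, failing closed is safer, e.g. `namespace: {{ required "kube-rbac-proxy: namespace must be set" $settings.namespace | quote }}`, or keep the defaults only if every caller of this helper is known to live in that namespace. `name: {{ $settings.name }}` is still rendered without a default or a check, so an unset name yields an empty value, which presumably widens the check to every object of that resource; this is worth confirming. The values are also emitted unquoted, and `| quote` would prevent YAML from retyping a templated scalar. The enclosing define starts and ends outside the hunk.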