Skip to content

Commit

Permalink
Merge pull request #120 from eddycharly/seccomp
Browse files Browse the repository at this point in the history 
feat: add seccomp profile support
  • Loading branch information
@fjogeleit
fjogeleit authored Feb 28, 2022
2 parents b02cd2e + ce771b2 commit 6a9c580
Show file tree
Hide file tree
Showing 10 changed files with 35 additions and 8 deletions.
2 changes: 1 addition & 1 deletion charts/policy-reporter/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ description: |
It creates Prometheus Metrics and can send rule validation events to different targets like Loki, Elasticsearch, Slack or Discord
type: application
version: 2.5.0
version: 2.6.0
appVersion: 2.3.0

icon: https://github.com/kyverno/kyverno/raw/main/img/logo.png
Expand Down
10 changes: 9 additions & 1 deletion charts/policy-reporter/charts/kyvernoPlugin/templates/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,4 +65,12 @@ Selector labels
{{- define "ui.selectorLabels" -}}
app.kubernetes.io/name: ui
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
{{- end }}

{{- define "kyverno.securityContext" -}}
{{- if semverCompare "<1.19" .Capabilities.KubeVersion.Version }}
{{ toYaml (omit .Values.securityContext "seccompProfile") }}
{{- else }}
{{ toYaml .Values.securityContext }}
{{- end }}
{{- end }}
3 changes: 1 addition & 2 deletions charts/policy-reporter/charts/kyvernoPlugin/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,8 +41,7 @@ spec:
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.securityContext }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
securityContext: {{ include "kyverno.securityContext" . | nindent 12 }}
{{- end }}
args:
- --port=8080
Expand Down
2 changes: 2 additions & 0 deletions charts/policy-reporter/charts/kyvernoPlugin/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,6 +51,8 @@ securityContext:
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault

# Key/value pairs that are attached to pods.
podAnnotations: {}
Expand Down
8 changes: 8 additions & 0 deletions charts/policy-reporter/charts/ui/templates/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -101,3 +101,11 @@ Create the name of the service account to use
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}

{{- define "kyverno.securityContext" -}}
{{- if semverCompare "<1.19" .Capabilities.KubeVersion.Version }}
{{ toYaml (omit .Values.securityContext "seccompProfile") }}
{{- else }}
{{ toYaml .Values.securityContext }}
{{- end }}
{{- end }}
3 changes: 1 addition & 2 deletions charts/policy-reporter/charts/ui/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,8 +40,7 @@ spec:
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.securityContext }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
securityContext: {{ include "kyverno.securityContext" . | nindent 12 }}
{{- end }}
args:
- -config=/app/config.yaml
Expand Down
2 changes: 2 additions & 0 deletions charts/policy-reporter/charts/ui/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -35,6 +35,8 @@ securityContext:
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault

# Key/value pairs that are attached to pods.
podAnnotations: {}
Expand Down
8 changes: 8 additions & 0 deletions charts/policy-reporter/templates/_helpers.tpl
View file
Original file line number Diff line number Diff line change
Expand Up @@ -73,3 +73,11 @@ Create UI target host based on configuration
{{- "" }}
{{- end }}
{{- end }}

{{- define "kyverno.securityContext" -}}
{{- if semverCompare "<1.19" .Capabilities.KubeVersion.Version }}
{{ toYaml (omit .Values.securityContext "seccompProfile") }}
{{- else }}
{{ toYaml .Values.securityContext }}
{{- end }}
{{- end }}
3 changes: 1 addition & 2 deletions charts/policy-reporter/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,8 +48,7 @@ spec:
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.securityContext }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
securityContext: {{ include "kyverno.securityContext" . | nindent 12 }}
{{- end }}
args:
- --config=/app/config.yaml
Expand Down
2 changes: 2 additions & 0 deletions charts/policy-reporter/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -56,6 +56,8 @@ securityContext:
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault

# Key/value pairs that are attached to pods.
podAnnotations: {}
Expand Down

0 comments on commit 6a9c580

Please sign in to comment.