Add security context for init container for portal server

litmuschaos · Mar 10, 2022 · d9f302b · d9f302b
1 parent 22e6819
commit d9f302b
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 2 deletions.
diff --git a/charts/litmus/Chart.yaml b/charts/litmus/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "2.6.0"
 description: A Helm chart to install ChaosCenter
 name: litmus
-version: 2.6.5
+version: 2.6.6
 kubeVersion: ">=1.16.0-0"
 home: https://litmuschaos.io
 sources:

diff --git a/charts/litmus/README.md b/charts/litmus/README.md
@@ -1,6 +1,6 @@
 # litmus
 
-![Version: 2.6.5](https://img.shields.io/badge/Version-2.6.5-informational?style=flat-square) ![AppVersion: 2.6.0](https://img.shields.io/badge/AppVersion-2.6.0-informational?style=flat-square)
+![Version: 2.6.6](https://img.shields.io/badge/Version-2.6.6-informational?style=flat-square) ![AppVersion: 2.6.0](https://img.shields.io/badge/AppVersion-2.6.0-informational?style=flat-square)
 
 A Helm chart to install ChaosCenter
 
@@ -207,6 +207,9 @@ $ helm install litmus-portal litmuschaos/litmus
 | portal.server.waitForMongodb.resources.requests.cpu | string | `"125m"` |  |
 | portal.server.waitForMongodb.resources.requests.ephemeral-storage | string | `"500Mi"` |  |
 | portal.server.waitForMongodb.resources.requests.memory | string | `"300Mi"` |  |
+| portal.server.waitForMongodb.securityContext.allowPrivilegeEscalation | bool | `false` |  |
+| portal.server.waitForMongodb.securityContext.runAsNonRoot | bool | `true` |  |
+| portal.server.waitForMongodb.securityContext.runAsUser | int | `2000` |  |
 | portalScope | string | `"cluster"` |  |
 | upgradeAgent.affinity | object | `{}` |  |
 | upgradeAgent.controlPlane.image.pullPolicy | string | `"Always"` |  |

diff --git a/charts/litmus/templates/server-deployment.yaml b/charts/litmus/templates/server-deployment.yaml
@@ -43,6 +43,8 @@ spec:
             ]
           resources:
             {{- toYaml .Values.portal.server.waitForMongodb.resources | nindent 12 }}
+          securityContext:
+            {{- toYaml .Values.portal.server.waitForMongodb.securityContext | nindent 12 }}
       containers:
         - name: graphql-server
           image: {{ .Values.image.imageRegistryName }}/{{ .Values.portal.server.graphqlServer.image.repository }}:{{ .Values.portal.server.graphqlServer.image.tag }}

diff --git a/charts/litmus/values.yaml b/charts/litmus/values.yaml
@@ -139,6 +139,10 @@ portal:
     customLabels: {}
     # my.company.com/tier: "backend"
     waitForMongodb:
+      securityContext:
+        runAsUser: 2000
+        allowPrivilegeEscalation: false
+        runAsNonRoot: true
       image:
         repository: curl
         tag: 2.5.0