diff --git a/helm-charts/dbrepo/.helmignore b/helm-charts/dbrepo/.helmignore
index 671ca33f54f619d00f44da4b1774dc892d303dac..5e1b5043586ace47338b7aaf8fc9005c44fa90c3 100644
--- a/helm-charts/dbrepo/.helmignore
+++ b/helm-charts/dbrepo/.helmignore
@@ -1,8 +1,8 @@
-# Patterns to ignore when building packages.
-# This supports shell glob matching, relative path matching, and
-# negation (prefixed with !). Only one pattern per line.
 # Dev
 values.dev.yaml
+Chart.tpl.yaml
+hack/
+# MacOS
 .DS_Store
 # Common VCS dirs
 .git/
diff --git a/helm-charts/dbrepo/templates/analyse-service/deployment.yaml b/helm-charts/dbrepo/templates/analyse-service/deployment.yaml
index 1a4bef34d6f751d1699bbc8ae5bd0e71217d8cce..7806c085382ce49b9faa0778ae6e16a4f1131380 100644
--- a/helm-charts/dbrepo/templates/analyse-service/deployment.yaml
+++ b/helm-charts/dbrepo/templates/analyse-service/deployment.yaml
@@ -33,6 +33,8 @@ spec:
 imagePullPolicy: {{ .Values.analyseService.image.pullPolicy | default "IfNotPresent" }}
 securityContext:
 allowPrivilegeEscalation: false
+ seccompProfile:
+ type: {{ .Values.analyseService.profileType | default "RuntimeDefault" }}
 capabilities:
 drop:
 - ALL
diff --git a/helm-charts/dbrepo/templates/data-service/deployment.yaml b/helm-charts/dbrepo/templates/data-service/deployment.yaml
index ed2317b5884d2fd1ef0ff1d6faf7283320a4492a..d290826cc23eccf212e0950a7b1dfea76ebdb798 100644
--- a/helm-charts/dbrepo/templates/data-service/deployment.yaml
+++ b/helm-charts/dbrepo/templates/data-service/deployment.yaml
@@ -30,6 +30,13 @@ spec:
 - name: data-service
 image: {{ .Values.dataService.image.name }}
 imagePullPolicy: {{ .Values.dataService.image.pullPolicy | default "IfNotPresent" }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ seccompProfile:
+ type: {{ .Values.dataService.profileType | default "RuntimeDefault" }}
+ capabilities:
+ drop:
+ - ALL
 ports:
 - containerPort: 9093
 protocol: TCP
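Review bot: `profileType` in the analyse-service hunk is rendered straight into `seccompProfile.type` with no check on the value, and the same pattern repeats in the data-, metadata-, search-, ui- and upload-service hunks. Kubernetes accepts `Localhost` only together with a `localhostProfile`, which none of these templates render, and `Unconfined` switches the syscall filter off entirely. None of the values.yaml hunks visible here adds or documents a `profileType` key, so I would either document it there with a comment such as `# seccomp profile type: RuntimeDefault (default) or Unconfined; Localhost is not supported by this template`, or hard-code `type: RuntimeDefault` as the values files do for `dataDb`. The container spec starts and ends outside the hunk.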
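Review bot: The securityContext added to the data-service container sets no `runAsNonRoot` or `runAsUser`, whereas the metadata-service container shows `runAsUser: 1000` and `runAsGroup: 1000` in its context lines. Unless a pod-level securityContext outside this hunk already covers it, the container runs as whatever user the image declares, which may be root. I would add `runAsNonRoot: true` next to `allowPrivilegeEscalation: false`, and consider `readOnlyRootFilesystem: true` if the service does not write to its image filesystem.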
diff --git a/helm-charts/dbrepo/templates/metadata-service/deployment.yaml b/helm-charts/dbrepo/templates/metadata-service/deployment.yaml
index 3f5a9798a71e563d2a76b8713d32c16356f6190b..f638c6984e12df9f7922483b3c8ee3ba0fa2dfe1 100644
--- a/helm-charts/dbrepo/templates/metadata-service/deployment.yaml
+++ b/helm-charts/dbrepo/templates/metadata-service/deployment.yaml
@@ -35,6 +35,8 @@ spec:
 runAsUser: 1000
 runAsGroup: 1000
 allowPrivilegeEscalation: false
+ seccompProfile:
+ type: {{ .Values.metadataService.profileType | default "RuntimeDefault" }}
 capabilities:
 drop:
 - ALL
diff --git a/helm-charts/dbrepo/templates/search-service/deployment.yaml b/helm-charts/dbrepo/templates/search-service/deployment.yaml
index 165f6809b63ad10024dfd32c48bda9d358c67322..c2cead7f85420ef71ab13d9f004a281c829de940 100644
--- a/helm-charts/dbrepo/templates/search-service/deployment.yaml
+++ b/helm-charts/dbrepo/templates/search-service/deployment.yaml
@@ -33,6 +33,8 @@ spec:
 imagePullPolicy: {{ .Values.searchService.image.pullPolicy | default "IfNotPresent" }}
 securityContext:
 allowPrivilegeEscalation: false
+ seccompProfile:
+ type: {{ .Values.metadataService.profileType | default "RuntimeDefault" }}
 capabilities:
 drop:
 - ALL
diff --git a/helm-charts/dbrepo/templates/ui/deployment.yaml b/helm-charts/dbrepo/templates/ui/deployment.yaml
index 975185e4ccaa75d749c2ff3f1e2eb7e9d0a3893a..3cd5e4e0fc25266504fe642d4b3a1c70ce87dd17 100644
--- a/helm-charts/dbrepo/templates/ui/deployment.yaml
+++ b/helm-charts/dbrepo/templates/ui/deployment.yaml
@@ -33,6 +33,8 @@ spec:
 imagePullPolicy: {{ .Values.ui.image.pullPolicy | default "IfNotPresent" }}
 securityContext:
 allowPrivilegeEscalation: false
+ seccompProfile:
+ type: {{ .Values.ui.profileType | default "RuntimeDefault" }}
 capabilities:
 drop:
 - ALL
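Review bot: The search-service template reads `.Values.metadataService.profileType`, which looks like a copy-paste from the metadata-service hunk. As written, a `searchService.profileType` override has no effect, and relaxing the metadata service's seccomp profile silently relaxes the search service's as well. The line should read `type: {{ .Values.searchService.profileType | default "RuntimeDefault" }}`, matching the `.Values.searchService.image.pullPolicy` lookup in the context line above it.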
diff --git a/helm-charts/dbrepo/templates/upload-service/deployment.yaml b/helm-charts/dbrepo/templates/upload-service/deployment.yaml index 20fbb6b4efb73e748b12a4e5624aef1daadb5d44..fd4e767dca0edc65f519de54a2a1565c9d7c3797 100644 --- a/helm-charts/dbrepo/templates/upload-service/deployment.yaml +++ b/helm-charts/dbrepo/templates/upload-service/deployment.yaml @@ -33,6 +33,8 @@ spec: imagePullPolicy: {{ .Values.uploadService.image.pullPolicy | default "IfNotPresent" }} securityContext: allowPrivilegeEscalation: false + seccompProfile: + type: {{ .Values.uploadService.profileType | default "RuntimeDefault" }} capabilities: drop: - ALL diff --git a/helm-charts/dbrepo/values.dev.yaml b/helm-charts/dbrepo/values.dev.yaml index c3d840953409db70169e64b7bfce59209d3af023..95f4e14530e7f51ac271997cdc218fac72a1f2b5 100644 --- a/helm-charts/dbrepo/values.dev.yaml +++ b/helm-charts/dbrepo/values.dev.yaml @@ -115,6 +115,12 @@ dataDb: securityContext: runAsUser: 1001 runAsGroup: 1001 + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL ports: - containerPort: 3305 protocol: TCP @@ -152,6 +158,10 @@ dataDb: size: 10Gi replicaCount: 1 # uneven +dataDbSidecar: + persistence: + storageClass: + searchdb: fullnameOverride: search-db host: search-db @@ -236,6 +246,15 @@ searchDbDashboard: - name: init image: dbrepo-search-db-init:latest imagePullPolicy: Never + securityContext: + runAsUser: 1001 + runAsGroup: 1001 + allowPrivilegeEscalation: false + seccompProfile: + type: RuntimeDefault + capabilities: + drop: + - ALL env: - name: OPENSEARCH_HOST value: http://search-db:9200 diff --git a/helm-charts/dbrepo/values.yaml b/helm-charts/dbrepo/values.yaml index e2d28a8bba4141de958d636afa4c1a770faf9461..655e158af7431480e980729abd4513b50ba816bc 100644 --- a/helm-charts/dbrepo/values.yaml +++ b/helm-charts/dbrepo/values.yaml 
@@ -115,6 +115,12 @@ dataDb:
 securityContext:
 runAsUser: 1001
 runAsGroup: 1001
+ allowPrivilegeEscalation: false
+ seccompProfile:
+ type: RuntimeDefault
+ capabilities:
+ drop:
+ - ALL
 ports:
 - containerPort: 3305
 protocol: TCP
@@ -240,6 +246,15 @@ searchDbDashboard:
 - name: init
 image: s210.dl.hpc.tuwien.ac.at/dbrepo/search-db-init:1.4.2
 imagePullPolicy: Always
+ securityContext:
+ runAsUser: 1001
+ runAsGroup: 1001
+ allowPrivilegeEscalation: false
+ seccompProfile:
+ type: RuntimeDefault
+ capabilities:
+ drop:
+ - ALL
 env:
 - name: OPENSEARCH_HOST
 value: http://search-db:9200