diff --git a/helm-charts/dbrepo/templates/analyse-service/deployment.yaml b/helm-charts/dbrepo/templates/analyse-service/deployment.yaml index c15d67377f40bea64840a75adece8f4499e9a800..1a4bef34d6f751d1699bbc8ae5bd0e71217d8cce 100644 --- a/helm-charts/dbrepo/templates/analyse-service/deployment.yaml +++ b/helm-charts/dbrepo/templates/analyse-service/deployment.yaml @@ -31,6 +31,11 @@ spec: - name: analyse-service image: {{ .Values.analyseService.image.name }} imagePullPolicy: {{ .Values.analyseService.image.pullPolicy | default "IfNotPresent" }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL ports: - containerPort: 5000 protocol: TCP diff --git a/helm-charts/dbrepo/templates/data-db/pvc.yaml b/helm-charts/dbrepo/templates/data-db/pvc.yaml index ef89c2ad56aba67be2578acb4b8024539feab42c..dd0dc69aea16c9e79781276e22b2dc688927caeb 100644 --- a/helm-charts/dbrepo/templates/data-db/pvc.yaml +++ b/helm-charts/dbrepo/templates/data-db/pvc.yaml @@ -3,7 +3,9 @@ kind: PersistentVolumeClaim metadata: name: data-db-shared spec: + {{- if .Values.dataDbSidecar.persistence.storageClass }} storageClassName: {{ .Values.dataDbSidecar.persistence.storageClass }} + {{- end }} accessModes: - ReadWriteMany resources: diff --git a/helm-charts/dbrepo/templates/metadata-service/deployment.yaml b/helm-charts/dbrepo/templates/metadata-service/deployment.yaml index 6dfab3ed21a13ac970b7423124f3555a17eb3dca..3f5a9798a71e563d2a76b8713d32c16356f6190b 100644 --- a/helm-charts/dbrepo/templates/metadata-service/deployment.yaml +++ b/helm-charts/dbrepo/templates/metadata-service/deployment.yaml @@ -34,6 +34,10 @@ spec: securityContext: runAsUser: 1000 runAsGroup: 1000 + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL ports: - containerPort: 9099 protocol: TCP diff --git a/helm-charts/dbrepo/templates/search-service/deployment.yaml b/helm-charts/dbrepo/templates/search-service/deployment.yaml index 30a0441b1540019c3875431e2d8d42ede696610f..165f6809b63ad10024dfd32c48bda9d358c67322 100644 --- a/helm-charts/dbrepo/templates/search-service/deployment.yaml +++ b/helm-charts/dbrepo/templates/search-service/deployment.yaml @@ -31,6 +31,11 @@ spec: - name: search-service image: {{ .Values.searchService.image.name }} imagePullPolicy: {{ .Values.searchService.image.pullPolicy | default "IfNotPresent" }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL ports: - containerPort: 4000 protocol: TCP @@ -76,6 +81,6 @@ spec: - "curl -sSL localhost:4000/health | grep 'UP' || exit 1" initialDelaySeconds: 10 periodSeconds: 30 - volumeMounts: [] - volumes: [] + volumeMounts: [ ] + volumes: [ ] {{- end }} diff --git a/helm-charts/dbrepo/templates/ui/deployment.yaml b/helm-charts/dbrepo/templates/ui/deployment.yaml index 47a0217ad501de5c2b6a5d2d511911f7cbece75b..975185e4ccaa75d749c2ff3f1e2eb7e9d0a3893a 100644 --- a/helm-charts/dbrepo/templates/ui/deployment.yaml +++ b/helm-charts/dbrepo/templates/ui/deployment.yaml @@ -31,6 +31,11 @@ spec: - name: ui image: {{ .Values.ui.image.name }} imagePullPolicy: {{ .Values.ui.image.pullPolicy | default "IfNotPresent" }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL ports: - containerPort: 3000 protocol: TCP diff --git a/helm-charts/dbrepo/templates/upload-service/deployment.yaml b/helm-charts/dbrepo/templates/upload-service/deployment.yaml index d9e30c0893cde7b015f91848dbd72e25328be19a..20fbb6b4efb73e748b12a4e5624aef1daadb5d44 100644 --- a/helm-charts/dbrepo/templates/upload-service/deployment.yaml +++ b/helm-charts/dbrepo/templates/upload-service/deployment.yaml @@ -31,6 +31,11 @@ spec: - name: upload-service image: {{ printf "%s/%s:%s" .Values.uploadService.image.registry .Values.uploadService.image.repository .Values.uploadService.image.tag }} imagePullPolicy: {{ .Values.uploadService.image.pullPolicy | default "IfNotPresent" }} + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL env: - name: AWS_ACCESS_KEY_ID valueFrom: diff --git a/helm-charts/dbrepo/values.yaml b/helm-charts/dbrepo/values.yaml index 4379910ee8abf5231c6b009e600f0280f97b3db5..e2d28a8bba4141de958d636afa4c1a770faf9461 100644 --- a/helm-charts/dbrepo/values.yaml +++ b/helm-charts/dbrepo/values.yaml @@ -154,7 +154,7 @@ dataDb: dataDbSidecar: persistence: - storageClass: "" + storageClass: searchdb: fullnameOverride: search-db