Unverified Commit 95c3b514 authored by Alex Manning's avatar Alex Manning

Allow configuration of container security context from helm chart.

parent 4a18dbba
+3 −0
@@ -53,6 +53,9 @@ spec:
            # where files are expected to change
            - name: tmp
              mountPath: /tmp
          {{- with $auth.securityContext }}
          securityContext: {{ toYaml . | nindent 12 }}
          {{- end }}
      {{- with $auth.nodeSelector }}
      nodeSelector: {{ toYaml . | nindent 8 }}
      {{- end }}
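Review bot: The `with $auth.securityContext` guard renders no `securityContext` at all when the value is null or empty, so the read-only root filesystem is only as strong as the values a deployer passes in. The same pattern is used in the OPA and search sections below, and in the search template it replaces what looks like a previously hard-coded `readOnlyRootFilesystem: true`. I would add a template comment above the guard, such as `{{- /* Defaults to readOnlyRootFilesystem: true from values.yaml; a null override removes the container securityContext entirely */}}`. The container spec starts outside this hunk, so I cannot see whether a pod-level securityContext provides a fallback.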
+3 −0
@@ -38,6 +38,9 @@ spec:
            - name: policy
              mountPath: /policies
              readOnly: true
          {{- with $opa.securityContext }}
          securityContext: {{ toYaml . | nindent 12 }}
          {{- end }}
      {{- with $opa.nodeSelector }}
      nodeSelector: {{ toYaml . | nindent 8 }}
      {{- end }}
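Review bot: With the new default in values.yaml the OPA container runs with a read-only root filesystem, and the only mount visible in this hunk is the read-only `/policies` volume; unlike the auth template, no writable `tmp` mount is shown here. If OPA is configured to write anything to disk, it would fail at runtime rather than at install time, so this is worth confirming with a smoke test of the rendered chart, or by adding an `emptyDir` volume for a scratch path. The volumeMounts list starts outside the hunk, so a writable mount may already exist above.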
+3 −2
@@ -43,8 +43,9 @@ spec:
          livenessProbe:
            <<: *probe
            initialDelaySeconds: 120
          securityContext:
            readOnlyRootFilesystem: true
          {{- with $search.securityContext }}
          securityContext: {{ toYaml . | nindent 12 }}
          {{- end }}
          volumeMounts:
            - name: esg-config
              mountPath: /esg/config
+13 −1
@@ -115,6 +115,10 @@ auth:
        userinfo_endpoint:
        client_kwargs:
          scope: openid profile email
  # Security context for auth container.
  securityContext:
    # Run with a read-only root filesystem by default
    readOnlyRootFilesystem: true

###
# OPA server configuration
@@ -153,6 +157,10 @@ opa:
  logLevel: info
  # Paths to restrict
  restrictedPaths: []
  # Security context for OPA container.
  securityContext:
    # Run with a read-only root filesystem by default
    readOnlyRootFilesystem: true

###
# Data node configuration
@@ -345,7 +353,6 @@ data:
    # See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
    tolerations:


###
# Index node configuration
###
@@ -463,3 +470,8 @@ index:
    # The tolerations for the search pods
    # See https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
    tolerations:
  # Security context for search container.

    securityContext:
      # Run with a read-only root filesystem by default
      readOnlyRootFilesystem: true
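Review bot: The comment `# Security context for search container.` sits at two-space indent and is separated by a blank line from `securityContext:` at four spaces, so it is unclear which mapping the key is meant to belong to. Since the search template appears to no longer hard-code `readOnlyRootFilesystem: true`, a key that lands at the wrong nesting would silently drop that setting. Please align the comment with the key, remove the blank line, and confirm with `helm template` that the rendered search container still carries the securityContext. As a follow-up, the three defaults could also set `allowPrivilegeEscalation: false` where the images allow it. The `index:` mapping starts outside this hunk.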