From e42f904297850015fa8ab411a6e0ddac5f5c8fb5 Mon Sep 17 00:00:00 2001 From: Alexander Andryashin Date: Tue, 17 Oct 2023 15:45:14 +0300 Subject: [PATCH] Add containers securityContext to config. --- moon2/crds/moon.aerokube.com_browsersets.yaml | 44 -- moon2/crds/moon.aerokube.com_configs.yaml | 429 +++++++++++++++++- 2 files changed, 428 insertions(+), 45 deletions(-) diff --git a/moon2/crds/moon.aerokube.com_browsersets.yaml b/moon2/crds/moon.aerokube.com_browsersets.yaml index 2a1e7ee..a0e5efe 100644 --- a/moon2/crds/moon.aerokube.com_browsersets.yaml +++ b/moon2/crds/moon.aerokube.com_browsersets.yaml @@ -745,17 +745,6 @@ spec: additionalProperties: type: string type: object - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object default: type: string dnsConfig: @@ -1269,17 +1258,6 @@ spec: additionalProperties: type: string type: object - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object default: type: string dnsConfig: @@ -1801,17 +1779,6 @@ spec: additionalProperties: type: string type: object - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object default: type: string dnsConfig: @@ -2325,17 +2292,6 @@ spec: additionalProperties: type: string type: object - capabilities: - properties: - add: - items: - type: string - type: array - drop: - items: - type: string - type: array - type: object default: type: string dnsConfig: diff --git a/moon2/crds/moon.aerokube.com_configs.yaml b/moon2/crds/moon.aerokube.com_configs.yaml index a1054e8..6ab4906 100644 --- a/moon2/crds/moon.aerokube.com_configs.yaml +++ b/moon2/crds/moon.aerokube.com_configs.yaml @@ -9,9 +9,9 @@ spec: kind: Config listKind: ConfigList plural: configs - singular: config shortNames: - conf + singular: config scope: Namespaced versions: - name: v1 
@@ -61,6 +61,67 @@ spec: memory: 2Gi type: object type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object version: type: string type: object 
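Review bot: The new `securityContext` block accepts `privileged: true`, `allowPrivilegeEscalation: true`, any string in `capabilities.add`, and `windowsOptions.hostProcess`, with no `description`, default or constraint. Anyone who can edit a Config can therefore relax container isolation for that component, and the same block is repeated unchanged in the six later hunks of this file. If the fields are meant to be passed through to the pod spec as-is (presumably they are), say so in the schema, e.g. `description: Passed unchanged to the container securityContext; restrict with Pod Security admission and RBAC on configs.` `seccompProfile.type` and `procMount` are free-form strings here; adding `enum: [RuntimeDefault, Localhost, Unconfined]` and `enum: [Default, Unmasked]` respectively would reject typos at admission instead of at pod creation. Separately, the browsersets file drops the per-browser `capabilities` field, so if unknown fields are pruned, existing BrowserSets that set it would lose it silently, which is worth a migration note.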
@@ -95,6 +156,67 @@ spec: memory: 128Mi type: object type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object version: type: string type: object 
@@ -129,6 +251,67 @@ spec: memory: 128Mi type: object type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object version: type: string type: object 
@@ -163,6 +346,67 @@ spec: memory: 128Mi type: object type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object version: type: string type: object 
@@ -197,6 +441,67 @@ spec: memory: 2Gi type: object type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object version: type: string type: object 
@@ -231,6 +536,67 @@ spec: memory: 32Mi type: object type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object version: type: string type: object 
@@ -265,6 +631,67 @@ spec: memory: 32Mi type: object type: object + securityContext: + properties: + allowPrivilegeEscalation: + type: boolean + capabilities: + properties: + add: + items: + type: string + type: array + drop: + items: + type: string + type: array + type: object + privileged: + type: boolean + procMount: + type: string + readOnlyRootFilesystem: + type: boolean + runAsGroup: + format: int64 + type: integer + runAsNonRoot: + type: boolean + runAsUser: + format: int64 + type: integer + seLinuxOptions: + properties: + level: + type: string + role: + type: string + type: + type: string + user: + type: string + type: object + seccompProfile: + properties: + localhostProfile: + type: string + type: + type: string + required: + - type + type: object + windowsOptions: + properties: + gmsaCredentialSpec: + type: string + gmsaCredentialSpecName: + type: string + hostProcess: + type: boolean + runAsUserName: + type: string + type: object + type: object version: type: string type: object