fix: add securitycontext (#17)

pulumi · Dec 9, 2024 · 4517736 · 4517736
1 parent 19c856f
commit 4517736
Show file tree

Hide file tree

Showing 4 changed files with 14 additions and 8 deletions.
diff --git a/chart/pulumi-esc-csi-provider/Chart.yaml b/chart/pulumi-esc-csi-provider/Chart.yaml
@@ -4,7 +4,7 @@ description: A Helm chart for the Pulumi ESC CSI provider
 
 type: application
 
-version: 0.1.3
+version: 0.1.4
 appVersion: "0.1.0"
 
 maintainers:

diff --git a/chart/pulumi-esc-csi-provider/README.md b/chart/pulumi-esc-csi-provider/README.md
@@ -1,6 +1,6 @@
 # Pulumi ESC Secret Store CSI Driver - Helm Chart
 
-![Version: 0.1.3](https://img.shields.io/badge/Version-0.1.3-informational?style=for-the-badge) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=for-the-badge) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=for-the-badge)
+![Version: 0.1.4](https://img.shields.io/badge/Version-0.1.4-informational?style=for-the-badge) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=for-the-badge) ![AppVersion: 0.1.0](https://img.shields.io/badge/AppVersion-0.1.0-informational?style=for-the-badge)
 
 ## Description 📜
 
@@ -11,7 +11,7 @@ A Helm chart for the Pulumi ESC CSI provider
 To install the chart using the OCI artifact, run:
 
 ```bash
-helm install pulumi-esc-csi-provider oci://ghcr.io/dirien/charts/pulumi-esc-csi-provider --version 0.1.3 --namespace kube-system
+helm install pulumi-esc-csi-provider oci://ghcr.io/dirien/charts/pulumi-esc-csi-provider --version 0.1.4 --namespace kube-system
 ```
 
 After a few seconds, the `pulumi-esc-csi-provider` should be running.

diff --git a/chart/pulumi-esc-csi-provider/templates/daemonset.yaml b/chart/pulumi-esc-csi-provider/templates/daemonset.yaml
@@ -76,7 +76,9 @@ spec:
       {{- toYaml . | nindent 6 }}
       {{- end }}
       serviceAccountName: {{ .Values.serviceAccount.name }}
-      securityContext: {}
+      securityContext:
+        runAsUser: 0
+        fsGroup: 0
       containers:
       - name: {{ .Values.name }}
         image: {{ printf "%s:%s" .Values.image.repository (default (printf "%s" .Chart.AppVersion) .Values.image.tag) }}

diff --git a/deployment/pulumi-esc-csi-provider.yaml b/deployment/pulumi-esc-csi-provider.yaml
@@ -62,18 +62,22 @@ spec:
         app.kubernetes.io/instance: secrets-store-csi-driver-provider-pulumi-esc
         app.kubernetes.io/version: "0.4.2"
     spec:
-      serviceAccountName: secrets-store-csi-driver-provider-pulumi-esc
       securityContext:
-        {}
+        runAsUser: 0
+        fsGroup: 0
+      serviceAccountName: secrets-store-csi-driver-provider-pulumi-esc
+
       containers:
       - name: secrets-store-csi-driver-provider-pulumi-esc
-        image: "dirien/secrets-store-csi-driver-provider-pulumi-esc"
+        image: "ghcr.io/dirien/pulumi-esc-csi-provider:0.1.0"
         imagePullPolicy: Always
         resources:
           {}
+        args:
+        - "-endpoint=/provider/pulumi.sock"
         volumeMounts:
         - name: socket
-          mountPath: /etc/kubernetes/secrets-store-csi-providers
+          mountPath: /provider
       volumes:
       - name: socket
         hostPath: