[BGD-4448] run DP components as as non root

spotinst · Jan 19, 2024 · eec4c06 · eec4c06
1 parent 74c092c
commit eec4c06
Show file tree

Hide file tree

Showing 11 changed files with 17 additions and 8 deletions.
diff --git a/charts/bigdata-operator/Chart.yaml b/charts/bigdata-operator/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: bigdata-operator
 description: Spot Ocean BigData Operator
 type: application
-version: 0.4.6
+version: 0.4.7
 appVersion: 0.4.5
 home: https://github.com/spotinst/charts
 icon: https://docs.spot.io/_media/images/spot_mark.png

diff --git a/charts/bigdata-operator/values.yaml b/charts/bigdata-operator/values.yaml
@@ -35,7 +35,8 @@ podLabels:
 podSecurityContext: {}
 # fsGroup: 2000
 
-securityContext: {}
+securityContext:
+  runAsNonRoot: true
 # capabilities:
 #   drop:
 #   - ALL

diff --git a/charts/bigdata-proxy/Chart.yaml b/charts/bigdata-proxy/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: bigdata-proxy
 description: A Helm chart for the Spot Big Data Proxy
 type: application
-version: 0.4.4
+version: 0.4.5
 appVersion: 0.5.3
 home: https://github.com/spotinst/charts
 icon: https://docs.spot.io/_media/images/spot_mark.png

diff --git a/charts/bigdata-proxy/values.yaml b/charts/bigdata-proxy/values.yaml
@@ -45,7 +45,8 @@ podLabels:
 podSecurityContext: {}
   # fsGroup: 2000
 
-securityContext: {}
+securityContext:
+  runAsNonRoot: true
   # capabilities:
   #   drop:
   #   - ALL

diff --git a/charts/bigdata-spark-watcher/Chart.yaml b/charts/bigdata-spark-watcher/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: bigdata-spark-watcher
 description: A Helm chart for the Spot Big Data Spark Watcher
 type: application
-version: 0.5.1
+version: 0.5.2
 appVersion: 0.4.5
 home: https://github.com/spotinst/charts
 icon: https://docs.spot.io/_media/images/spot_mark.png

diff --git a/charts/bigdata-spark-watcher/values.yaml b/charts/bigdata-spark-watcher/values.yaml
@@ -56,7 +56,8 @@ podLabels:
 podSecurityContext: {}
   # fsGroup: 2000
 
-securityContext: {}
+securityContext:
+  runAsNonRoot: true
   # capabilities:
   #   drop:
   #   - ALL

diff --git a/charts/bigdata-telemetry/Chart.yaml b/charts/bigdata-telemetry/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 name: bigdata-telemetry
 description: A Helm chart for the Spot Big Data Telemetry components
 type: application
-version: 0.2.0
+version: 0.2.1
 appVersion: "1.16.0"
 home: https://github.com/spotinst/charts
 icon: https://docs.spot.io/_media/images/spot_mark.png

diff --git a/charts/bigdata-telemetry/templates/thanos-receiver-statefulset.yaml b/charts/bigdata-telemetry/templates/thanos-receiver-statefulset.yaml
@@ -90,6 +90,8 @@ spec:
               port: 10902
               scheme: HTTP
             periodSeconds: 5
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
           terminationMessagePolicy: FallbackToLogsOnError
           volumeMounts:
             - mountPath: /var/thanos/receive

diff --git a/charts/bigdata-telemetry/values.yaml b/charts/bigdata-telemetry/values.yaml
@@ -15,6 +15,8 @@ thanos:
 
 nodeSelector: {}
 
+securityContext: {}
+
 affinity:
   nodeAffinity:
     requiredDuringSchedulingIgnoredDuringExecution:

diff --git a/charts/spark-operator/Chart.yaml b/charts/spark-operator/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 description: Spark Operator (b/g part)
 name: spark-operator
-version: 0.1.23
+version: 0.1.24
 appVersion: v1beta2-1.3.4-3.1.1
 dependencies:
   - name: spark-operator

diff --git a/charts/spark-operator/values.yaml b/charts/spark-operator/values.yaml
@@ -20,6 +20,8 @@ spark-operator:  # This section controls the behavior of the spark operator sub-
 
   disableExecutorReporting: false
 
+  securityContext: {}
+
   webhook:
     enable: true
     # If hostNetwork is set to true it is probably a good idea to change this (e.g. 25554)