From ade479f7b1b739cba648b29343969c21f4d85377 Mon Sep 17 00:00:00 2001 From: Angel Kafazov Date: Thu, 13 Feb 2025 13:14:21 +0200 Subject: [PATCH] fix kubernetes vulnerabilities On-behalf-of: @SAP angel.kafazov@sap.com Signed-off-by: Angel Kafazov --- .kube-linter.yaml | 4 ++++ charts/example-content/templates/deploy.yaml | 1 + .../__snapshot__/snapshot_test.yaml.snap | 2 ++ charts/extension-manager-operator/Chart.lock | 6 +++--- charts/extension-manager-operator/Chart.yaml | 4 ++-- .../charts/common-0.2.10.tgz | Bin 0 -> 4336 bytes .../charts/common-0.2.8.tgz | Bin 4413 -> 0 bytes .../extension-manager-operator-crds-0.2.0.tgz | Bin 3936 -> 3935 bytes .../templates/deployment.yaml | 3 +++ .../templates/service-account.yaml | 1 + .../__snapshot__/deployment_test.yaml.snap | 14 ++++++++++++++ .../tests/deployment_test.yaml | 3 --- 12 files changed, 30 insertions(+), 8 deletions(-) create mode 100644 .kube-linter.yaml create mode 100644 charts/extension-manager-operator/charts/common-0.2.10.tgz delete mode 100644 charts/extension-manager-operator/charts/common-0.2.8.tgz diff --git a/.kube-linter.yaml b/.kube-linter.yaml new file mode 100644 index 000000000..a149c1ec7 --- /dev/null +++ b/.kube-linter.yaml @@ -0,0 +1,4 @@ +checks: + ignorePaths: + - charts/keycloak/charts/keycloak/** + - charts/openmfp/charts/** \ No newline at end of file diff --git a/charts/example-content/templates/deploy.yaml b/charts/example-content/templates/deploy.yaml index ca7bf5f22..540c7cc25 100644 --- a/charts/example-content/templates/deploy.yaml +++ b/charts/example-content/templates/deploy.yaml @@ -4,6 +4,7 @@ metadata: name: {{ include "common.entity.name" . }} labels: app: {{ include "common.entity.name" . }} + namespace: {{ .Release.Namespace }} spec: strategy: rollingUpdate: diff --git a/charts/example-content/tests/__snapshot__/snapshot_test.yaml.snap b/charts/example-content/tests/__snapshot__/snapshot_test.yaml.snap index 3d8c9444b..ca4ee2072 100644 --- a/charts/example-content/tests/__snapshot__/snapshot_test.yaml.snap +++ b/charts/example-content/tests/__snapshot__/snapshot_test.yaml.snap @@ -32,6 +32,7 @@ matches the snapshot: labels: app: RELEASE-NAME-example-content name: RELEASE-NAME-example-content + namespace: NAMESPACE spec: revisionHistoryLimit: 3 selector: @@ -170,6 +171,7 @@ matches the snapshot (internalUrl): labels: app: RELEASE-NAME-example-content name: RELEASE-NAME-example-content + namespace: NAMESPACE spec: revisionHistoryLimit: 3 selector: diff --git a/charts/extension-manager-operator/Chart.lock b/charts/extension-manager-operator/Chart.lock index 9d8e18d3e..ea1607158 100644 --- a/charts/extension-manager-operator/Chart.lock +++ b/charts/extension-manager-operator/Chart.lock @@ -4,6 +4,6 @@ dependencies: version: 0.2.0 - name: common repository: oci://ghcr.io/openmfp/helm-charts - version: 0.2.8 -digest: sha256:00b76610b045f6ca44675ce287d551823ca67c7bac847bebdb5ae5c3fed0a318 -generated: "2025-02-10T18:48:47.676919501Z" + version: 0.2.10 +digest: sha256:c8a77b63c1295e33c8d4ac0cc03bec78b6e57d7c52681a673427eb3e40371da1 +generated: "2025-02-13T13:12:03.358427145+02:00" diff --git a/charts/extension-manager-operator/Chart.yaml b/charts/extension-manager-operator/Chart.yaml index 10a546628..0e2e45561 100644 --- a/charts/extension-manager-operator/Chart.yaml +++ b/charts/extension-manager-operator/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v2 name: extension-manager-operator description: A Helm chart for extension-manager-operator which manages resources like ContentConfigurations and exposes REST `/validate` endpoint type: application -version: 0.23.5 +version: 0.24.0 appVersion: "0.116.0" dependencies: - name: extension-manager-operator-crds @@ -10,5 +10,5 @@ dependencies: condition: crds.enabled repository: oci://ghcr.io/openmfp/helm-charts - name: common - version: 0.2.8 + version: 0.2.10 repository: oci://ghcr.io/openmfp/helm-charts diff --git a/charts/extension-manager-operator/charts/common-0.2.10.tgz b/charts/extension-manager-operator/charts/common-0.2.10.tgz new file mode 100644 index 0000000000000000000000000000000000000000..fed83c1145e3704c860e874dd0d3405c8a4020c4 GIT binary patch literal 4336 zcmVDc zVQyr3R8em|NM&qo0PH;dQ`|a|?`QuNeSWz*=2bAB4@lNk)DW^OS4*R>igT3&lus;~R8vO*}1Msp?3Ly#qDg0qt?auv^ z6q3_V$OUCt1UCb3j3VYVm-_ht-eHnLtYiaXmPtZ0noWUYArK^{c|s%#FC!^NU?ji-Q%3KS1y0M_XLaQLd<*8f+-;j{ifMj7LT z6p0j(=K=f-+uIyJ5F>-lAGBQOTc>oqfvgtHIkPI**R|)Qn zsZjrQ^X=5M*Ue4+ID!dD1XeU@N~U;LB*_PiIZB`c7GM+oTbLR-BNApT8JiYk z7GEO=j#DZmpF_-XjG3e)5gxSBM&M7WoE2C8BH=TZ(0E=F&drl#pe)^&8D@|dNurFO zh7d4e97vKFyFFLy9Tm zb4X}PrJ<&~Tj8)UroO}g3OoY8ABL%4y)&pH@OS%z6Y8&^#_^8=#VUGbi#EkkH^H!^ zr>Ujn>xY6*QNJl4BG_%T_?VF!LK7t>Wjp6p1YzB}<_?79MB;R=E6axn&Y7OHkNKEL z>;&X^L)8ieGb&^?;&y^e)jLyjtSTZHs=1sYN#xAY0P~{M8AogSi*1loHa4yF&kq>0 zY%C(^JALCw#xz4AAm{7~At#)qD3J@xo2@P-xkpiwTVhmavBR~ za_pOq+0g)0NXqVG&2+=28I!y)ay2CqzmR!DmtFH^>ut61n96q^z+_79!vTI(lcofh zB=G0A2QWb*3yz|LD-V>-EI5_(H!PF*RXP+3fgI>qk>Ew9IkXO*HPpPw4#Y=+TnR?# zh{lw&B3}>sRy9*o;=)eM>y^-x5_F(IJplYFk!Qr(aB;t3G9cS#(GXor&r>hF{~*Qs zf0Z-8^SL&T?=Z=ci$LZ-<`k~>|N5g*xYzRkUiF8AXaDap%C~Q7Ih@c8!8fuH)B^A; z5i}M)+}(NAn(6^?cU6sAtNFKYK(jb0#x=qz%HMJRNo_HF*c#JVg0G*14}tjs{x!~h z@N3#ZiPG;W`dzNTCP_JnOM+%6yD=i=2paU=&c()vb)h$e1tu6vrrr0H$ar>4t}wA? zmE^f*A~?qciNN4gEn#BUB(_ibJxYz&h7>$$&v{SjUdhoN7}6y{cz+A zg_2^^wSTCdmQ)_CuN6VJx9h}Ni_P7gr+=vd*|sj*Ov>DhPwBLrX$wg^XruQw#&A>vwlvSJx%Rvy8?hITE5kZbm`1 zd(p0eXdeM!L>e`p^B4*iyPF1T?qa`nd#Bm94;pn7n8&Gl4B(j|NzA{y6 z1{bR;bOlcu{cZmG8>1QcFZ~V-Yez|K>G|Aux`2Pc)(;4PK^RyU)$jGdS3bNC+jnk-hjkhso_;zye}8&%czV$Zf!Ph^EYo{n2kgV)>Bae9 zKd*zX_^pxLf(<3DBXM+c@b>WY#lhPevtAI)5yU~B+jz9L`%R$JgOkG+RM#@%xAlAZ zOkSyF>#%0jcR4+N|Mv6o;itpn#u#jsG!r)M1qt3@;&k4p*@XE^)}vBx?y(?g#y*%( zT!X2z_vaVgW1y@^SMR$p|Ak#OupWK5IC}s2zdjyad_Fiks_`p(7wzoy2d{!K2!npq z-wg-h8VWH>jE}KwVBfqyK0bVN@&5ethr{zvM{n9Q+u=I|?RO$4F|J1X>G1r+g2t3M z&db2hE&Ne1xdheW>2GK6k6K!=MY3@<>P%wNcyPNv&Kb>Q&y|ma#Uzm6#g%o)M3lk>T+5pY9o2+@x%!ltJ|NhnY_oke*A%eT1D zcNT3!9GknmYJaJj+O{VZ8)c$HC7L{xL#GC$(^;l4IS=0 zDatv`wl!b_^BOePZE3hLZr8ZQ)$CM*&jz{WB%XT0 zHe43<-zP2n2n0%!(uMg=fFR(_<$(+}YN4RTJ$ zs2aV5K>%+Pc105NI1E6mzIuX}qX4Yat)2tLMZq%xBm+!yIR_!RzNI;VjAaP;l?oYn z9>7_3#mqSJ+YnsiJc8eGu7esN86-yN%X;I`L|}bAcJ()mW#Ij?)4jQD_>0@xz0`+S z*El~@1fqRS(ycP1Zn-EwMG*Cei|oo0tV`T``s*$$HAjx@S9*6ew8O?tfwdq zgDzFKF`Ynjz)E1-rrqi9)8P`CRj)>WdJR6@QCc-qwXQW3Z$Uy96mQ8|-!KkKb&pqW zlANJ+l!$C9-+i@ijYaw%y}NLk(VyDX>}YR@aqzPuNqjZW`jZ&-cFa&{U9o=E=Ct&? zRB=LRvSd^$Z!Il^gex?o>VLns(#dKyZAe_DEK9U`nWWkwUM`@IZ2?-ncIh=3|4z}| z>ar%ize~B-4%uQf@n3DvzR9w<|8IRXw}BAAy7=E<)Qt zdm`}+Be2o#onO3j%*M#;c)w1?P#p@E5(GK&8Ocp72}I0tEVq#MK|pS@B9wdGF8fkT zA=hMm*aBl^Zj8;TZoLyZ3nUBV49zQr!d_*00lg)cl{bXm*In}A1<7+mYuVwzBEd3b zPzTS|$g54SIm7TFFg3TJzh>t1^2JtN!Tw6pqz4^`wEnkmK5R+$7r`!XgV(ou0!z88CjB(sNjdlKC*dMg>|LpC(dbawq^TUJRP7Z@~{17zO-TzqJ{|&;ybN+`%DL=ZcJ{xTD%`+oszzn=qd0FA7NVpF++P+@B;w zZi_z(!m;Q5{IiYUd$;;##w{p#xUFt|+`3m$;MTj{R>k}+|22N;C$IWgK?F_;vvN}k zw{XQ+0=ICfPmC_LYjuyDX3)Ugk-P$Kf$EQAFLxEv`t@=+Clf^t9a`u{oBw_R_Z>#YZ+b*qtJC-xOr`V4zAU*2Ti8#X-1)ffZTFRv_-r!<=j2c zeiW)%Z6^%YRVnb`)>E#Cy=SSW$9g4Rb#cPpW<|KHQm9@kSu;1TNCsDET&Jj!Ym*tOBF%WIsM zcSSEtel-jKA>5m~-k{m%#J-Fe5sW7%Rn%5!elK7?^)U^KS$kMXu)L29tRJ`f3izbIwRSQ?`eF zFRMNw z^C6iBo_F|_s7drLFE71*uZl9R&(c)gk=}<<_@}*-U%f#MZYOL#7TAYDIC_2Zt2g`} z;;;|>a4yE6d;cFynM^ly?o*bv@xL%^?f-|v e{`3C-xjdKW@?0LY{9gb70RR62`A$RtW&i+SQH_KE literal 0 HcmV?d00001 diff --git a/charts/extension-manager-operator/charts/common-0.2.8.tgz b/charts/extension-manager-operator/charts/common-0.2.8.tgz deleted file mode 100644 index c0a4dc86d5dda55290dd155603e737f63c65a6f6..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 4413 zcmV-D5yI{tiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH+zbK5$S`OII@%a^USUPUx@*v_yjwdEvwiRbxR+ey{z)|L%Z zEeT_a-~&J>n%Mt+3kNBXq9kV`J3BMR2U{f22O8at#=(x+bjs50cN4;8FeB6C#pX*G zhT(3%um6W(SpOe(c6MKM`g=Rwes6ED(|r+ky8XSq7Z5%IFAF6XlJFPd57Vl5?jNL( zjDAKgC`%)_?RrBLF{hc-&-?HZlPSbXHy~!IBs8Vz7&ztvLE8w9_xju!INdFe5Mox%?2}_2i#gN4} z$bsXS3dv^>a~xtSDM^F}b+i%qV=5>4wZBOClqEEt6@)YMBpE1A_ho`9WO2!~%zk(XaKXMeS=oKyM6#LBt!-Afs zHYH!rb3R7>rg(^8r_$n6N^S{Fl$sRnoL3Qq^VW0jKuAs`j%T{Ec!=PP=|TIH4T;1? zK#sRm%}_9*LY5M@17xZ`nwmpZ5kXIlp?%LW@=De*pYd?5_(jCb`_`xfL|r@lvpn=9wsLP(l*mZO+1q4_#BJsV&lIunBTsf zJI9ZhWXMGzvmXlzSI2*y{%&Wd7XR&ap5wo#Dc`=S>2O3-1mEaFFjs)LM9^6HaDVTW zbE*fx-B~rN&F0^}0Zrp1AI=euQT~pz&uWR`!`6_-5`6t6dY?73NxFBd&vKu2(NYJ2f4lXuEtO>m#EHJ@XG9A88iHs+Qa(?==Xf zjGui73||XP)I2}0UeyB!nI0S`GF(?!fN8fKSsAt6(`Bd^k8cuAnF|a2%@ztJ8RJ{Q2PQoj^TF}O z*KF+Y| z1!5_^<*ra``nlN=tmx=NAVjm;d$Y;No)s^k9x(x!q`c zyVKnZ!XOMfQD-OYhHEIqEHR3$|R~I4ky_?%>plyyj;|ZQaufP%c#ekkzVihpB|ts26{goo)sHk{*suF zWypzS{G$soGY}651XqFI-+RT@*C}V$dg-Gy^8?zA6|+(GW3hngX;2Uf6iz2L*g&*l zDY!w$;$GTjJ5k49(5-DjZl+%@PP^tY`-zV}XqL`D^q3WW_{l?7Zg4;Ppp}%KX4o3H z@KI-5j@LNNvHVUsGU31 zjqGM@_;5ylh!cBqzaPgePvvp34Obs5OeK{wy?(MG5y>T+Dwy*Mh6{FssYa1930wHb zJen(bZw1TX%o3w+3{3(O8OGlyA#*DAV|rM_9h8X6{V?Yc>k&w4%;jAEID|$nl{KSK zF2xIRRa zwzt=Dv~=2V`3>xbc5@po==yr(C!GH*p8py5pd|Cd2YJ2j=HG3@r5Y;q3O)_@hvYtYzup%Oc| zUE>y4wNn*7E991w_}K%t;j(D|X1+OO>?Y4P;{n##|8B2eKmXqicc0JypQL>Iw*4!3 z0KesFY;Juoh8-Tjd-q#4!qq!{1fVT8n54k(h|q z6+x>7zFHCa#RiQ-dGV}gjM5Nk4xCqzfs%hcIc=a5<$ye97v@AZ-vK-1kI8;PV)M+; zRr@jdcc|35&~74Dv6CXSsI+O<)*_9kA{8+d5Zk|c7s|_ytV=geSO8b6LqTsbnJKvv zNHwf>tlCcs_(J7`ra)jyvcUT!$dVgfE9GBXl-}U1qx@c1{pp#tsCC*WN9YIxK1+Z;X@AUWCaDmL4SEWC#3LmbN zR*lr$)+&a#pdkx}w`8ubIESUS$ICEDPS6HQL{^ROp;ouXBYltEUAWBXPi^Mx=xB&> z@Y6g=d^OJclNj}O$WUlov2oSrtn|A~aYSgcL@H&pHqC{EYcx{zzu#KvXtkMEG_Ew3 zCDy!5Q>}=XE9g^ufLgCzdKJdMQ#H4myh-ctGVZk^TinL`XIryxvMjFuYah*RU<+W~ z{$ICW-~Zd)={&FhpQNlhBQ*-(mp8ZP?<#j~@~*|0zn7{W}V+Z= zPe^9=l0d{P!(s_(9|UA3D?+i>ZSpU3E##W44_jco%&qY`<#lr+CxK*voS=E7P}n;p zFQK*Mmhgtq`?^a$yd+s>Xe~P&SR`0%8O%4&mE_f;*PLPa5SW@f(BCriS@B|PUcvrC zrb!DL4r%>w-+b7T?9YOw7SP$5q$3E-a8wpoGD~19CQ?DS%?Q2>&M+a8-r~7#-@d;u zHa|@(v&!;Yur)3zh3j!;>`Yx%noKs9#0!8cQ}K|IhAT@7e!9MUg0ETPLyk*_=F=pHZy+pAGik9}R-(@G)qt zyZ_M*7wkXmKF5DgQhq7&_IVG@_UHZE|6I5^{{DAsB4s9`?QJ?82Vz1o8H#|i?Q1d| zPi~!m;K3@{8TS_wMw~j5|>9a97^?xO1k}+{#AbIC$IcUKm<+-Gv~v|YsM0|gDZVvbfrV92jnz^3g(976>tYse=mEr zqma&DFNbq7QOu!33tg#Pf}{SOKit`?D+l3Ud$_ zXDzW&gE~r{uhzzTqN6H-(U|;QI=(c`R26;gGr!s>FML53bzb@U8>?uZD@+gg(sW~u zJ-*|cxwTe{UlVgxuY;xS7pG1J5R+T_M)X49vhZ;<;@9u zofYA#%%OUvl+9eZA}L&>iJgY#W-OBv}Am#oGkz`uH1&2 z(wflp0{A5CU6-pSaJO;aZCt-8D}J(DCfhzm@dpQfq2B>e{Z z;h%Po-g@0RxE-+dSl|tG!~W}|w_fjih{GG`gx&tpTdzL{s}I?O&=eo*s(ACQmcq|o z0sU*2`uaZ@GdbPRxld8n?*D~hZT;Wtb#|ZE|Ig*QJeTM4nC1Th00960gXS^b0A>IH DRyLg# diff --git a/charts/extension-manager-operator/charts/extension-manager-operator-crds-0.2.0.tgz b/charts/extension-manager-operator/charts/extension-manager-operator-crds-0.2.0.tgz index fdccabc80899f966990ab78d2d31106333cf2860..92eaac79a47c532ddd98c84c76ee01e6787f8273 100644 GIT binary patch delta 3626 zcmV+_4%PAC9^W32yMOfj#lhj=;K^Y4;&5>I1O_*6vO7|xiF`7+bzAEX_a^~K=m(T$ z0*qlk@<@^_zYhF?Kk!0SfuxDHmyY4Tk;M?0NdZ$K;iq(hlA}iDaT4PgTIQ3d7YUAm zBnhJdF+#n0(cZ`(cn__RzZlxq|D3QC)$I&G+xj1j4%gTJ(E{PYlRN=Je@ywu^?x7e z^?F`81|SJtP6_2-eW!dX`tzZ8MR_=elT>LDpP>?|4DdBhDW}$n$EZn2G#PsUgmaTaFS9MqO`)7;m5!q9{C3zfD0w6C)nCF^i+a@X(o~)O-!ZL z+fG>4k?bLy+>^3gdz(?Ee}Aei@|G%XizO_Tgw^!VmQXVx_0L7SJqQAKgYqb4L{?Y! z08}7Md}Qk;B*4%E$P{E{^?-z-RXJhrCFL6BiC}5Wmo5FK1b zvRHAg^gAIDD4&Wk%(PC_xZjVc&P_`o;yC40FZ$L>&`GL=RQ(X=$oh&#JtBh{)fnhh zVxJ_mXCH(+V-SbCGBZYMrP+-sxG?qOE+>qP&2euw%|O$U}f2bsHijx zLlcc=an-tte;n1ez<_c_Ij+=PFVa*UGQWvjSKX@B*;?HTQ>wB)@-(i#(*qO4)!Z_+ zfBXK_jG2MNSm@j7iKKdFW?4{EyIq2T!a$-v!)aZCHe*r7TM-cUi+$cRoT5Y?I446W zSAblk(abJ189Pg^1u)dG5GgPbnCYiy*wBE?rG~ksf1zB_&{hLQVsvqji6Pb(`8G;{ z+#5ICH+q?pl<6_-?6j2Ysy_o01Ubit`QvUlxpiDv6H1X;vyIa!2Aa;1Ev(5ji+dj? zsfI8`qw)y}uC9p;6$Bzqh^7SZY#L$LOe~a!0Hv8YYysC&@Tg4*6;}Lexld;dc_;#t&+z~gt@>h) za!&EOe=Xz{f345-?bl&?Y0=Ca-m8?P~c0i=x#42NiW+p)FP%qO)Xt( z=sNYSrC)z6YYNL4?N`Zeu*)vHxfolCZ1fB&{l*;ZO{%VMHTtW@~r^^oW0Ub;wJ zHuceNtxkVFe{*&L$FE#F7ym#y=}IxDNDvC2-h>@wuzL7D489? zqP1W~c!Z%3aB6f&wCSFS>#w-D=KH21e}`1%`G@WAQle3}^MRQdo5BRf+LH;ZjR#yX zG6s`1^o+zNQ`=-rV^oSnw;rQRjLW}fX-qgsB%yhP;vNre*vF&gWF-@kx}>QXvX)UX zDcA%HAMKv4u2M|CyhR@A*%%H+FOI&ushV=D@Lz6O*M_d$HMS|Slz&>4_<2s{e@8_b zJHJ+E`!!LZP{V{M3?WULRQRKiCit|W&pyy;bt6>e27@hNIC5c_?b7BR(w9rW;!&uA z@AudGX%g+!S|l@TYrAMeFp185W!oKDZ_1_$m(S6*Mkv=uhjsIVavG=c7zT|q!}##1 z(gm34o~YYT2PdU4=foJ=NRrs(e;fhO&?HS$in6?nT(oT~mNv(ny8o^+^Vnfwy_X_P z1C%xxHj1ZH8kFtnB0;zEGAD^&%;+q)k$~_JVkDgMNM&8gWBdKuR!ybr85&FMHqtU# z(msVrkW7A0AWDfOTqB0YS~i)7Oh(CalVbm*#Zs)~Bj!=Fof(%ew40aVe_+%w$(E&R ziX=pvC~*w`_wl&*Kcx5j<iE3h(KGk=*!5czD_ zx6V{d;X* z7ACE2-Jg3G5Ld)a@_@=JTKp8l`j zcz^F%fA7`P(%icI*efQMfB9_hRq5W|4X0V2zgKCsR}s%u7R$nh%6rb}Ro+^8f3bSY z^t$3kV?LRsvr>}9W;#-&FlVSzR{xT{l7m$7So6ei8pSe?flR4 zgXbIPe@4T{_y6~SU3l-@fK6iEK)X!RzM?k~VM2l{5~1?F-7JYslSD{uvRPydA|@sf z6CKPbkM=<#Bbv_9fB2VK={n(|w+kF27tKFSBu?oU3|(;kw>=+z;cQ_8fy^^Of)W_z z=zIR_^H1kmNc48$M8vV+@ZsbfLMoN#M^yLiU)O!lpZqTS_HTY+7WK`a{HvPtej#W= zf~z#KTPMnU=Bw+(d*)BbmG{iovH4#}8hOwD-`j-`L{gC|e>i>pMtOcBg|$mQ4UzO+ zaVdWD{J9E5i2Xle+d`x6^sn{3a{OJC;Q(rriQQH*Pem*}nYes_Ny!hvmZABj>7gZM)ohdFH|HPr?M5 zxb{772s5G}kr-fTU!aOPN*KA11NU*5Z|m5%e75nF>e1Q%`;pLbaw8Hz>-qn| zVAcPR2BU+~qyN7Tw4eW0x_3(w$kzOi(cow_cpU%xz$5?TuZ=G2U-dtIQk*1eCiJII z{UQqZWbRtC;G6q(Z8Wd{(cs`}vWwq%tC#9w73WiFq-c>>hG_h42 z?v%5#!c=i+I$c%ATB+z+%|U~2$Y62!e|9_;hwa!b4iCa#{nM zcg%QkXyv^)G_haqWo+v>Fdas>nh#U1So6YplN;l39}F3XwiBM6*fQNjK^t?Xtgx2j z>aFL#9hy#}I5eCBFN)Nj2JhVC*5mb^*ftJb^xTDc(_I>LW8pY#$0fN3MvlXsfADe~ zx~dF1adaHIGIjFO+vyl?$l7tZFYb=RJu!Il#%{vnad;Ruk3%OTSuWbb>~XjWzo*nl zr;fDtxl@1tZ1%qcGiVE0wJf2|GFp_}9JJJ)D!mg9(OpF@O$?%n?lxG_Z^0(YB;P%! z$f1^5RPp3D zLAgy155sVBxNDx1!)@74xsX8=OnEx zsZy~L}xqdw-%b^o9t1PNP-5pq34tK`L?;gr^2@%@7euKK}eko*~)sR_J#Ar|QU05BE0O&i@@eUqAmjdNF$Olk*N`2*1%v8vtei0A1-c-2eap delta 3627 zcmV+`4%G4A9^f93yMHu%{$e;BJ{b&O9K1Ms0)v}3*&V6UL_QhZx~=tx`;&kq^aDyW z0md*Nc_c}eUkCocA9x|EK+;6pOULlv$YKc0q=2cA@KZWL$x);7IEir#E%V9Kiv-6& zl7!KK7@^+0Xm8{XyoXlEUkq*Qe@UIX8ZT$~MhwJPA=mOyRlRN=Je+Gl+kN*E& z(ChWQatuHcx||Zqzxq!3RP^UV?~3wp3@545B0fVUQW@ZDoKjA$6OU1okZ3aY00`$o zyXj!Q0+^X11!E|C5pw@3o!}&;EJSIAFT;<4KRogeJOCF;R8O$AY3Qj01Jg_-MVgpO ztGAu7tRvY&IJqZfx%M`re@g#UTjVWO+7?S#DhaFUpDm$gLh7H3c6$&6?gr&i%80D4 z>;b4inE1%nO-O*D2aqYq%IX0LL#uMa-b>0g$`irTm@ixUO$q*<=-C*2rHM|B#<;7Z zKE8VTpT3E}UcTHpLlQ1__Aawhwsx+0doR1<0yd>3<F|mdv#5?BJ&|( z$&3u0=7JfXwNMWxNqt&2Ue<`*Ui zX%Z5R;d+5n4ksi=c0v^1^H`ZtQ9UyVokpwdRMrbS^_FhrexPP(t8Bq}g2BqN3sF&N z7KSDo&El$ce-$~ZZGi#hjB;G5xn88HI%IwmxvsiZtFyJb7p7EYedK9eeWwQ|h^x6} zZ2$KCsTnf^iLubP(-TSc%*?W&rgpmo1BHP^eTLJz0&T{kjJF~n>=*mIXE;TPJaA5i zP_6*ENTZouXfk$|Tnk{RVIfjrA~4fW&#<8ZnM)0Ge@jETqM@w@ip1#R9uq^XFY;}a z0=YMCxNr0_B`MQm*x6|**HwQ8CJ1tl5A(;}aB}OouqKouvt}EoQw%hnBU@OLX%_cB zOi~SDibmxV5?oyq87c@woDfYXlu^9^s#@A1jEQRutqcT=6TR@^lq*emfNJTk&Af+e zs%OScf7?=-2Qhgz5ZN@su9;XU4FO6sao7T`rQlJU5-P0t)pDQC81hgACZFR0CR+8y z9Oazib^lt(E6Ssu>2S}@D%H2ssK0AJ8ry9#NaaG6hM>TgUeVoNOp;!y{wq&k;uf5ZN5owBX8;+DlknOLdt%j+S}&AoJy zxNPd9-CCXgeE#O_0*+t5KD{{o<>%wKaDH)o@#{JKc>3n;Yv^T9vH1WHuvBT3RWjp5 zNKLpN!&%BSI(p5gW6slzdwb1)1bjI}2dRvQnv zU}Ov?Yv>t?O{TWVn8v6SiEcecnHZOU&C-}~kVr!F2*o`f+OUsD%gIV6B6UeqF=Q>H zVp6aP7CzcNTV17?e0hsJ(z7ufj9wglcT+XxR^h+gvaStXyK8JyVk!T$D)IB2f69-F zGIoBg&h~4fK%s^SQ5Zs+G^y}MAx-dUL!W)1)9Oa3$_)lvz;NWkFx#cgJ)|#}e#N6u z1>f(l_0uHUskKOE*4B2>hF}t%`O3CCvfh+U6)vBnZH-W_j}GhR2jw(Q<1q{xXNK|N zQKbto(LGVOpAJq+Va|y$w2>sSf5|xlprJ{crW9p)8M$cNRxE9fId%VCW#+NN!g?=7 zm;*E2Mh*lna` zvZQ?qlOUP=o)?|(?|_sgf*KZD-)pZ3R>&q`k}_g?+SO$}L9oL69Fwr2h^k0A2d zuy38In8JljaUXspOyNHK%B{DnQ&fG-Z9?lEBdRVP?ZJ+1qyB!@_DxmNl#Z+@#Ab*l zAS_H;X@3r^X@#i}K7Ju_f5OlYMBK04zspf}QNyFw`SJ9ln+2CoKlZZ!p5>SJUOoL^ zzw!Rwv;N+zr=_`d`LS0_EdTP^-mB8Ry&F!mJb$m!YOf-mt1Om<4VCwt(W|_*^8RA= zmg#lHjmCU3OJ}7di_LVTNMX)UrL1E2uR&29zvweGnLTA#9VfR(e|Zh^yM!#wF0$VD zRjO>`qHBK)TBfe&N(*U%&C->0vV19!cP}$h@Xvoeo^Dt{+xvfihAgHL7ZPvWM%($H z=LgR>&i@P#9^e1p2X^7Ta|1Ssbp!1(N&AZ4M1%_ws4})`7;6uVyCuv9BE_B#f|c%J)jed!^T4guPOF!SLmj5#3Y&NQuNf zZ`Uk5lgD{qf8i%wz*jIb;48d#@15*_%a|IzdS816?r;9F@}K?Y8Nt8IQA%pBb4&e2nHTJxr4{wFIe{xCj=PO)f&w!uv{@O15T|w#a zt~Xk#Wo$NK{uM4ZDhUY*u{$GGVh()xRb~6~pR1~u3m=vXXOEn#(zWe!>*bjTyFUpN zWa8TQydlhpf<$6~p?!fW<|tw0J`UW+VZN zAuV7=f9B}+Ys}?x@VyV$Gs;YYPZ@&=nvt}f)511v^lkJ+V$>*=eQC?s!uPy4E>ZJ7 zfBx(Z_rQ14$`3JNVqu2XUq+`sqcPRWk1-ZKz5Br%71gr=YnK8qVKg}W z?%faG!8VPJeU^s@ab_=x& ze@6rgibWky1S*d8Ztz9mCY%v~?RX=wc4oMiKavYBb*_a+0^PYJ(1}k16`T@>C9?#& zuuE*A3WkY6nPrm8ZswX4?33cM&%dm6lRk6Vw|cVgQ(bkTDc=1q5L(2a%TupO7=9vC?ee|N&m zapW>LkH-;`gpC6~ydoA2z-e=DkZo>qVO030KSKRnaOp)23Wp`%%E;T}0`H;(th zLvpwQ8!78!H%^j6M^$#`Cpm1V)ra9KIs6G2OAdF&TXN{aUUF#VFgdg{nH-w=Ob**k zp9keOIXn!*$>FYfP7b$aJLOWg<~%ucV?JeN+xbrpcg2Eo=x92d8Bq@3e~cI9(4LdD zvZPAI8rf1sxn|as!#4R@cLjbM9+g8UHkHF4j8nCR#+&$6IXd#JisJQrtD;OT@2V(L z%fBj$)bOwzI^_EGoGgb<%&fAg26cB}X*t{(Bfonn*Cj+~^ZE_yuKT5sbyin)d4t=P xU9Vtx~_>=MuWeC8TBNG5-006SZFP;DZ diff --git a/charts/extension-manager-operator/templates/deployment.yaml b/charts/extension-manager-operator/templates/deployment.yaml index b08266995..35911ddfa 100644 --- a/charts/extension-manager-operator/templates/deployment.yaml +++ b/charts/extension-manager-operator/templates/deployment.yaml @@ -2,6 +2,7 @@ apiVersion: apps/v1 kind: Deployment metadata: name: {{ include "common.entity.name" . }} + namespace: {{ .Release.Namespace }} {{- if .Values.commonAnnotations }} annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }} {{- end }} @@ -34,6 +35,7 @@ spec: image: {{ .Values.image.name }}:{{ .Chart.AppVersion }} imagePullPolicy: {{ include "common.imagePullPolicy" . }} name: manager + {{- include "common.container.securityContext" . | nindent 10 }} ports: {{- include "common.PortsMetricsHealth" . | nindent 10 -}} {{- include "common.operatorHealthAndReadyness" . | nindent 10 -}} @@ -43,6 +45,7 @@ spec: image: {{ .Values.image.name }}:{{ .Chart.AppVersion }} imagePullPolicy: {{ include "common.imagePullPolicy" . }} name: server + {{- include "common.resources" . | nindent 10 }} {{- include "common.container.securityContext" . | nindent 10 }} ports: - containerPort: {{ .Values.validationServer.port }} diff --git a/charts/extension-manager-operator/templates/service-account.yaml b/charts/extension-manager-operator/templates/service-account.yaml index 490c917a9..2eaf7c467 100644 --- a/charts/extension-manager-operator/templates/service-account.yaml +++ b/charts/extension-manager-operator/templates/service-account.yaml @@ -2,4 +2,5 @@ apiVersion: v1 kind: ServiceAccount metadata: name: {{ include "common.entity.name" . }} + namespace: {{ .Release.Namespace }} {{- include "common.imagePullSecret" . }} diff --git a/charts/extension-manager-operator/tests/__snapshot__/deployment_test.yaml.snap b/charts/extension-manager-operator/tests/__snapshot__/deployment_test.yaml.snap index 8a0dcb8c7..6ce8cff32 100644 --- a/charts/extension-manager-operator/tests/__snapshot__/deployment_test.yaml.snap +++ b/charts/extension-manager-operator/tests/__snapshot__/deployment_test.yaml.snap @@ -68,6 +68,7 @@ operator match the snapshot: kind: Deployment metadata: name: extension-manager-operator + namespace: NAMESPACE spec: revisionHistoryLimit: 3 selector: @@ -117,6 +118,11 @@ operator match the snapshot: requests: cpu: 40m memory: 50Mi + securityContext: + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault startupProbe: failureThreshold: 30 httpGet: @@ -148,6 +154,13 @@ operator match the snapshot: port: 8081 initialDelaySeconds: 5 periodSeconds: 10 + resources: + limits: + cpu: 260m + memory: 512Mi + requests: + cpu: 40m + memory: 50Mi securityContext: readOnlyRootFilesystem: true runAsNonRoot: true @@ -172,3 +185,4 @@ operator match the snapshot: kind: ServiceAccount metadata: name: extension-manager-operator + namespace: NAMESPACE diff --git a/charts/extension-manager-operator/tests/deployment_test.yaml b/charts/extension-manager-operator/tests/deployment_test.yaml index 9a959a395..837bc686c 100644 --- a/charts/extension-manager-operator/tests/deployment_test.yaml +++ b/charts/extension-manager-operator/tests/deployment_test.yaml @@ -101,9 +101,6 @@ tests: - name: my-secret - it: with validationServer template: deployment.yaml - set: - validationServer: - enabled: true asserts: - equal: path: spec.template.spec.containers[1].name