projects
/
osm
/
devops.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Adding security_context flag to charms
[osm/devops.git]
/
installers
/
charm
/
mon
/
src
/
charm.py
diff --git
a/installers/charm/mon/src/charm.py
b/installers/charm/mon/src/charm.py
index
2721939
..
917b54a
100755
(executable)
--- a/
installers/charm/mon/src/charm.py
+++ b/
installers/charm/mon/src/charm.py
@@
-86,6
+86,8
@@
class ConfigModel(ModelValidator):
grafana_password: str
certificates: Optional[str]
image_pull_policy: str
grafana_password: str
certificates: Optional[str]
image_pull_policy: str
+ debug_mode: bool
+ security_context: bool
@validator("log_level")
def validate_log_level(cls, v):
@validator("log_level")
def validate_log_level(cls, v):
@@
-187,8
+189,14
@@
class MonCharm(CharmedOsmBase):
# Check relations
self._check_missing_dependencies(config)
# Check relations
self._check_missing_dependencies(config)
+ security_context_enabled = (
+ config.security_context if not config.debug_mode else False
+ )
+
# Create Builder for the PodSpec
# Create Builder for the PodSpec
- pod_spec_builder = PodSpecV3Builder()
+ pod_spec_builder = PodSpecV3Builder(
+ enable_security_context=security_context_enabled
+ )
# Add secrets to the pod
mongodb_secret_name = f"{self.app.name}-mongodb-secret"
# Add secrets to the pod
mongodb_secret_name = f"{self.app.name}-mongodb-secret"
@@
-222,7
+230,10
@@
class MonCharm(CharmedOsmBase):
# Build Container
container_builder = ContainerV3Builder(
# Build Container
container_builder = ContainerV3Builder(
- self.app.name, image_info, config.image_pull_policy
+ self.app.name,
+ image_info,
+ config.image_pull_policy,
+ run_as_non_root=security_context_enabled,
)
certs_files = self._build_cert_files(config)
)
certs_files = self._build_cert_files(config)