Merge pull request #1073 from javanthropus/add-security-context

openshift-merge-robot · web-flow · commit 7afd24853602 · 2020-03-16T01:06:36.000+01:00
Lock down package server runtime environment
diff --git a/deploy/chart/templates/_packageserver.deployment-spec.yaml b/deploy/chart/templates/_packageserver.deployment-spec.yaml
@@ -60,5 +60,15 @@ spec:
         {{- if .Values.package.resources }}
         resources:
 {{ toYaml .Values.package.resources | indent 10 }}
-        {{- end}}
+        {{- end }}
+        {{- if .Values.package.securityContext }}
+        securityContext:
+          runAsUser: {{ .Values.package.securityContext.runAsUser }}
+        {{- end }}
+        volumeMounts:
+        - name: tmpfs
+          mountPath: /tmp
+      volumes:
+      - name: tmpfs
+        emptyDir: {}
 {{- end -}}
diff --git a/deploy/upstream/values.yaml b/deploy/upstream/values.yaml
@@ -27,5 +27,7 @@ package:
     pullPolicy: Always
   service:
     internalPort: 5443
+  securityContext:
+    runAsUser: 1000
 catalog_sources:
 - rh-operators
diff --git a/manifests/0000_50_olm_15-packageserver.clusterserviceversion.yaml b/manifests/0000_50_olm_15-packageserver.clusterserviceversion.yaml
@@ -123,6 +123,12 @@ spec:
                   requests:
                     cpu: 10m
                     memory: 50Mi
+                volumeMounts:
+                - name: tmpfs
+                  mountPath: /tmp
+              volumes:
+              - name: tmpfs
+                emptyDir: {}
   maturity: alpha
   version: 0.14.1
   apiservicedefinitions:
