Add default security context to aggregator
There is no elevated privilege that the aggregator needs on the node
so we should be fine to add this security context which makes it
clear that we are not operating as root in any sense.

Signed-off-by: John Schnake <[email protected]>
johnSchnake committed Sep 17, 2021
1 parent 0f94168 commit ca27736
Showing 36 changed files with 144 additions and 0 deletions.
4 changes: 4 additions & 0 deletions pkg/client/gen.tmpl.yaml
Expand Up @@ -102,6 +102,10 @@ metadata:
{{- end }}
{{- end }}
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
{{- if .NodeSelectors }}
nodeSelector:{{- range $k, $v := .NodeSelectors }}
{{ indent 4 $k}}: {{$v}}
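Review bot: The new `securityContext` block under `spec:` sets `runAsUser: 1000` but not `runAsNonRoot: true`, so nothing makes the kubelet refuse to start the pod if the UID is later changed or overridden to 0. Since the commit message's goal is to make it clear that the aggregator is not running as root, adding `runAsNonRoot: true` next to these fields would enforce that rather than only imply it. The three IDs are also literals in the template, unlike the `.NodeSelectors` block right below them; a short comment on why 1000/3000/2000 were chosen, or a template field for them, would help clusters whose admission policy restricts the allowed UID/GID ranges.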
4 changes: 4 additions & 0 deletions pkg/client/testdata/default-plugins-via-nil-selection.golden
Expand Up @@ -114,6 +114,10 @@ metadata:
name: sonobuoy
namespace: sonobuoy
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
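Review bot: This golden, like the other regenerated goldens in the commit, only pins the rendered text of the four added lines under `spec:`; all 36 changed files are the template or golden output, so nothing here exercises the aggregator actually running as UID 1000 with `fsGroup: 2000`. Suggest an integration check that the pod starts and can still write its results with these IDs, since a mismatch between the IDs and the ownership of the mounted volumes would only show up at run time.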
4 changes: 4 additions & 0 deletions pkg/client/testdata/default-plugins-via-selection.golden
Expand Up @@ -114,6 +114,10 @@ metadata:
name: sonobuoy
namespace: sonobuoy
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions pkg/client/testdata/default-pod-spec.golden
Expand Up @@ -125,6 +125,10 @@ metadata:
name: sonobuoy
namespace:
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions pkg/client/testdata/default.golden
Expand Up @@ -114,6 +114,10 @@ metadata:
name: sonobuoy
namespace: sonobuoy
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions pkg/client/testdata/e2e-default.golden
Expand Up @@ -114,6 +114,10 @@ metadata:
name: sonobuoy
namespace: sonobuoy
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions pkg/client/testdata/e2e-progress-custom-port.golden
Expand Up @@ -80,6 +80,10 @@ metadata:
name: sonobuoy
namespace:
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions pkg/client/testdata/e2e-progress-vs-user-defined.golden
Expand Up @@ -80,6 +80,10 @@ metadata:
name: sonobuoy
namespace:
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions pkg/client/testdata/e2e-progress.golden
Expand Up @@ -80,6 +80,10 @@ metadata:
name: sonobuoy
namespace:
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions pkg/client/testdata/envoverrides.golden
Expand Up @@ -83,6 +83,10 @@ metadata:
name: sonobuoy
namespace:
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions pkg/client/testdata/goRunnerRemoved.golden
Expand Up @@ -78,6 +78,10 @@ metadata:
name: sonobuoy
namespace:
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions pkg/client/testdata/imagePullPolicy-all-plugins.golden
Expand Up @@ -64,6 +64,10 @@ metadata:
name: sonobuoy
namespace: sonobuoy
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions pkg/client/testdata/imagePullSecrets.golden
Expand Up @@ -80,6 +80,10 @@ metadata:
name: sonobuoy
namespace:
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions pkg/client/testdata/manual-custom-plugin-plus-e2e.golden
Expand Up @@ -90,6 +90,10 @@ metadata:
name: sonobuoy
namespace:
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions pkg/client/testdata/manual-custom-plugin-plus-systemd.golden
Expand Up @@ -84,6 +84,10 @@ metadata:
name: sonobuoy
namespace:
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions pkg/client/testdata/manual-custom-plugin.golden
Expand Up @@ -52,6 +52,10 @@ metadata:
name: sonobuoy
namespace:
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions pkg/client/testdata/manual-e2e.golden
Expand Up @@ -80,6 +80,10 @@ metadata:
name: sonobuoy
namespace:
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions pkg/client/testdata/multiple-node-selector.golden
Expand Up @@ -114,6 +114,10 @@ metadata:
name: sonobuoy
namespace: sonobuoy
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
nodeSelector:
fizz: buzz
foo: bar
4 changes: 4 additions & 0 deletions pkg/client/testdata/plugin-configmaps.golden
Expand Up @@ -84,6 +84,10 @@ metadata:
name: sonobuoy
namespace: sonobuoy
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions pkg/client/testdata/plugins-and-pluginSelection.golden
Expand Up @@ -64,6 +64,10 @@ metadata:
name: sonobuoy
namespace: sonobuoy
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions pkg/client/testdata/single-node-selector.golden
Expand Up @@ -114,6 +114,10 @@ metadata:
name: sonobuoy
namespace: sonobuoy
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
nodeSelector:
foo: bar
containers:
4 changes: 4 additions & 0 deletions pkg/client/testdata/systemd-logs-default.golden
Expand Up @@ -114,6 +114,10 @@ metadata:
name: sonobuoy
namespace: sonobuoy
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions pkg/client/testdata/use-existing-pod-spec.golden
Expand Up @@ -54,6 +54,10 @@ metadata:
name: sonobuoy
namespace:
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
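Review bot: `use-existing-pod-spec.golden` receives the same hardcoded `securityContext` under `spec:` as the default goldens, which raises the question of what happens when the user-supplied pod spec already carries its own `securityContext`. Please confirm that the user's value wins (or that the two are merged) and add a golden case for it, so an operator who needs different IDs is not silently overridden.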
4 changes: 4 additions & 0 deletions test/integration/testdata/gen-config-no-flags.golden
Expand Up @@ -154,6 +154,10 @@ metadata:
name: sonobuoy
namespace: configfileNS
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions test/integration/testdata/gen-config-then-flags.golden
Expand Up @@ -154,6 +154,10 @@ metadata:
name: sonobuoy
namespace: cmdlineNS
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions test/integration/testdata/gen-issue-1375.golden
Expand Up @@ -166,6 +166,10 @@ metadata:
name: sonobuoy
namespace: sonobuoy
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions test/integration/testdata/gen-issue-1376.golden
Expand Up @@ -155,6 +155,10 @@ metadata:
name: sonobuoy
namespace: sonobuoy
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions test/integration/testdata/gen-issue-1388.golden
Expand Up @@ -152,6 +152,10 @@ metadata:
name: sonobuoy
namespace: sonobuoy
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions test/integration/testdata/gen-no-uuid.golden
Expand Up @@ -154,6 +154,10 @@ metadata:
name: sonobuoy
namespace: sonobuoy
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions test/integration/testdata/gen-rerunfailed-works.golden
Expand Up @@ -157,6 +157,10 @@ metadata:
name: sonobuoy
namespace: sonobuoy
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions test/integration/testdata/gen-static-only-e2e.golden
Expand Up @@ -121,6 +121,10 @@ metadata:
name: sonobuoy
namespace: sonobuoy
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions test/integration/testdata/gen-static.golden
Expand Up @@ -154,6 +154,10 @@ metadata:
name: sonobuoy
namespace: sonobuoy
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions test/integration/testdata/gen-subfield-flags.golden
Expand Up @@ -154,6 +154,10 @@ metadata:
name: sonobuoy
namespace: cmdlineNS
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions test/integration/testdata/gen-variable-image.golden
Expand Up @@ -115,6 +115,10 @@ metadata:
name: sonobuoy
namespace: sonobuoy
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions test/integration/testdata/plugin-loading-installed.golden
Expand Up @@ -99,6 +99,10 @@ metadata:
name: sonobuoy
namespace: sonobuoy
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP
4 changes: 4 additions & 0 deletions test/integration/testdata/plugin-loading-local.golden
Expand Up @@ -99,6 +99,10 @@ metadata:
name: sonobuoy
namespace: sonobuoy
spec:
securityContext:
runAsUser: 1000
runAsGroup: 3000
fsGroup: 2000
containers:
- env:
- name: SONOBUOY_ADVERTISE_IP