From 7387c6c15fe3798fe58ae7d038bbfee7561f68e0 Mon Sep 17 00:00:00 2001 From: Christoph Fraundorfer Date: Mon, 25 Jul 2022 10:00:22 +0200 Subject: [PATCH 1/8] feat: add securityContext for pod and container --- .../helm/sloth/templates/deployment.yaml | 12 ++++++++++++ deploy/kubernetes/helm/sloth/values.yaml | 17 ++++++++++++++++- 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/deploy/kubernetes/helm/sloth/templates/deployment.yaml b/deploy/kubernetes/helm/sloth/templates/deployment.yaml index b945ee66..cd430b94 100644 --- a/deploy/kubernetes/helm/sloth/templates/deployment.yaml +++ b/deploy/kubernetes/helm/sloth/templates/deployment.yaml @@ -23,6 +23,10 @@ spec: {{- end }} spec: serviceAccountName: {{ include "sloth.fullname" . }} + securityContext: + {{- with .Values.securityContext.pod }} + {{- toYaml . | nindent 8 }} + {{- end }} containers: - name: sloth image: {{ .Values.image.repository }}:{{ .Values.image.tag }} @@ -75,6 +79,10 @@ spec: mountPath: {{ .Values.customSloConfig.path }} {{- end }} {{- end }} + securityContext: + {{- with .Values.securityContext.container }} + {{- toYaml . | nindent 12 }} + {{- end }} resources: limits: memory: 150Mi @@ -97,6 +105,10 @@ spec: - name: sloth-common-sli-plugins # Default path for git-sync. mountPath: /tmp/git + securityContext: + {{- with .Values.securityContext.container }} + {{- toYaml . | nindent 12 }} + {{- end }} resources: limits: memory: 100Mi diff --git a/deploy/kubernetes/helm/sloth/values.yaml b/deploy/kubernetes/helm/sloth/values.yaml index 9ccf55fc..9db06296 100644 --- a/deploy/kubernetes/helm/sloth/values.yaml +++ b/deploy/kubernetes/helm/sloth/values.yaml @@ -42,4 +42,19 @@ customSloConfig: # - key: kubernetes.azure.com/scalesetpriority # operator: Equal # value: spot -# effect: NoSchedule \ No newline at end of file +# effect: NoSchedule + +# add securityContext for pod and container level +securityContext: + pod: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 100 + fsGroup: 100 + supplementalGroups: + - 100 + container: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL From 4f08ce25ef6d9f83453a9ade073c094c163d73a0 Mon Sep 17 00:00:00 2001 From: Christoph Fraundorfer Date: Mon, 24 Oct 2022 12:06:56 +0200 Subject: [PATCH 2/8] feat: adding tests for securityContext --- .../helm/sloth/tests/helm_chart_test.go | 59 +++++++++++ .../output/deployment_securityContext.yaml | 97 +++++++++++++++++++ .../helm/sloth/tests/values_test.go | 19 ++++ deploy/kubernetes/helm/sloth/values.yaml | 14 +-- 4 files changed, 177 insertions(+), 12 deletions(-) create mode 100644 deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_securityContext.yaml diff --git a/deploy/kubernetes/helm/sloth/tests/helm_chart_test.go b/deploy/kubernetes/helm/sloth/tests/helm_chart_test.go index 1b678ec7..d042e447 100644 --- a/deploy/kubernetes/helm/sloth/tests/helm_chart_test.go +++ b/deploy/kubernetes/helm/sloth/tests/helm_chart_test.go @@ -373,3 +373,62 @@ func TestChartConfigMap(t *testing.T) { }) } } + +func TestChartSecurityContext(t *testing.T) { + tests := map[string]struct { + name string + namespace string + values func() map[string]interface{} + expErr bool + expTplFile string + }{ + "A chart without security values should render correctly.": { + name: "sloth", + namespace: "default", + values: defaultValues, + expTplFile: "testdata/output/deployment_default.yaml", + }, + + "A chart with custom security values should render correctly.": { + name: "test", + namespace: "custom", + values: func() map[string]interface{} { + v := customValues() + v["securityContext"].(msi)["enabled"] = true + + return v + }, + expTplFile: "testdata/output/deployment_securityContext.yaml", + } + } + + checksumNormalizer := regexp.MustCompile(`checksum/config: [a-z0-9]+`) + + for name, test := range tests { + t.Run(name, func(t *testing.T) { + assert := assert.New(t) + require := require.New(t) + + gotTpl, err := helm.Template(context.TODO(), helm.TemplateConfig{ + Chart: slothChart, + Namespace: test.namespace, + ReleaseName: test.name, + Values: test.values(), + ShowFiles: []string{"templates/deployment.yaml"}, + }) + + // Check. + if test.expErr { + assert.Error(err) + } else if assert.NoError(err) { + gotTpl := checksumNormalizer.ReplaceAllString(gotTpl, "checksum/config: ") + + expTpl, err := os.ReadFile(test.expTplFile) + require.NoError(err) + expTplS := strings.TrimSpace(string(expTpl)) + + assert.Equal(expTplS, normalizeVersion(gotTpl)) + } + }) + } +} \ No newline at end of file diff --git a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_securityContext.yaml b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_securityContext.yaml new file mode 100644 index 00000000..3e56c8dc --- /dev/null +++ b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_securityContext.yaml @@ -0,0 +1,97 @@ +--- +# Source: sloth/templates/deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: sloth-test + namespace: custom + labels: + helm.sh/chart: sloth- + app.kubernetes.io/managed-by: Helm + app: sloth + app.kubernetes.io/name: sloth + app.kubernetes.io/instance: test + label-from: test +spec: + replicas: 1 + selector: + matchLabels: + app: sloth + app.kubernetes.io/name: sloth + app.kubernetes.io/instance: test + template: + metadata: + labels: + helm.sh/chart: sloth- + app.kubernetes.io/managed-by: Helm + app: sloth + app.kubernetes.io/name: sloth + app.kubernetes.io/instance: test + label-from: test + annotations: + kubectl.kubernetes.io/default-container: sloth + spec: + serviceAccountName: sloth-test + securityContext: + runAsNonRoot: true + runAsGroup: 1000 + runAsUser: 100 + fsGroup: 100 + supplementalGroups: + - 100 + containers: + - name: sloth + image: slok/sloth-test:v1.42.42 + args: + - kubernetes-controller + - --resync-interval=17m + - --workers=99 + - --namespace=somens + - --label-selector=x=y,z!=y + - --extra-labels=k1=v1 + - --extra-labels=k2=v2 + - --sli-plugins-path=/plugins + - --disable-optimized-rules + ports: + - containerPort: 8081 + name: metrics + protocol: TCP + volumeMounts: + - name: sloth-common-sli-plugins + mountPath: /plugins/sloth-common-sli-plugins + resources: + limits: + memory: 150Mi + requests: + cpu: 5m + memory: 75Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + - name: git-sync-plugins + image: k8s.gcr.io/git-sync/git-sync:v3.3.4 + args: + - --repo=https://github.com/slok/sloth-test-common-sli-plugins + - --branch=main + - --wait=30 + - --webhook-url=http://localhost:8082/-/reload + volumeMounts: + - name: sloth-common-sli-plugins + # Default path for git-sync. + mountPath: /tmp/git + resources: + limits: + memory: 100Mi + requests: + cpu: 5m + memory: 50Mi + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + volumes: + - name: sloth-common-sli-plugins + emptyDir: {} diff --git a/deploy/kubernetes/helm/sloth/tests/values_test.go b/deploy/kubernetes/helm/sloth/tests/values_test.go index 08a9e35a..3351f1ec 100644 --- a/deploy/kubernetes/helm/sloth/tests/values_test.go +++ b/deploy/kubernetes/helm/sloth/tests/values_test.go @@ -50,5 +50,24 @@ func customValues() msi { "customKey": "customValue", }, }, + + "securityContext": msi{ + "pod": msi{ + "runAsNonRoot": true + "runAsGroup": 1000 + "runAsUser": 100 + "fsGroup": 100 + "supplementalGroups": msi{ + "100", + }, + }, + "container": msi{ + "allowPrivilegeEscalation": false + "capabilities": + "drop": msi{ + "ALL", + }, + }, + }, } } diff --git a/deploy/kubernetes/helm/sloth/values.yaml b/deploy/kubernetes/helm/sloth/values.yaml index 9db06296..d6070023 100644 --- a/deploy/kubernetes/helm/sloth/values.yaml +++ b/deploy/kubernetes/helm/sloth/values.yaml @@ -46,15 +46,5 @@ customSloConfig: # add securityContext for pod and container level securityContext: - pod: - runAsNonRoot: true - runAsGroup: 1000 - runAsUser: 100 - fsGroup: 100 - supplementalGroups: - - 100 - container: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL + pod: {} + container: {} From f3c2c646cc562469e7729b31739ad025f357e1e0 Mon Sep 17 00:00:00 2001 From: Christoph Fraundorfer Date: Mon, 24 Oct 2022 12:09:45 +0200 Subject: [PATCH 3/8] feat: correcting deployments_securityContext --- .../output/deployment_securityContext.yaml | 25 ++++++------------- 1 file changed, 8 insertions(+), 17 deletions(-) diff --git a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_securityContext.yaml b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_securityContext.yaml index 3e56c8dc..36c97003 100644 --- a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_securityContext.yaml +++ b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_securityContext.yaml @@ -3,22 +3,21 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: sloth-test - namespace: custom + name: sloth + namespace: default labels: helm.sh/chart: sloth- app.kubernetes.io/managed-by: Helm app: sloth app.kubernetes.io/name: sloth - app.kubernetes.io/instance: test - label-from: test + app.kubernetes.io/instance: sloth spec: replicas: 1 selector: matchLabels: app: sloth app.kubernetes.io/name: sloth - app.kubernetes.io/instance: test + app.kubernetes.io/instance: sloth template: metadata: labels: @@ -26,12 +25,11 @@ spec: app.kubernetes.io/managed-by: Helm app: sloth app.kubernetes.io/name: sloth - app.kubernetes.io/instance: test - label-from: test + app.kubernetes.io/instance: sloth annotations: kubectl.kubernetes.io/default-container: sloth spec: - serviceAccountName: sloth-test + serviceAccountName: sloth securityContext: runAsNonRoot: true runAsGroup: 1000 @@ -41,17 +39,10 @@ spec: - 100 containers: - name: sloth - image: slok/sloth-test:v1.42.42 + image: ghcr.io/slok/sloth:v0.10.0 args: - kubernetes-controller - - --resync-interval=17m - - --workers=99 - - --namespace=somens - - --label-selector=x=y,z!=y - - --extra-labels=k1=v1 - - --extra-labels=k2=v2 - --sli-plugins-path=/plugins - - --disable-optimized-rules ports: - containerPort: 8081 name: metrics @@ -73,7 +64,7 @@ spec: - name: git-sync-plugins image: k8s.gcr.io/git-sync/git-sync:v3.3.4 args: - - --repo=https://github.com/slok/sloth-test-common-sli-plugins + - --repo=https://github.com/slok/sloth-common-sli-plugins - --branch=main - --wait=30 - --webhook-url=http://localhost:8082/-/reload From fe101240206d8d88c111e24bb76bf9b4459ebdf1 Mon Sep 17 00:00:00 2001 From: ChrisFraun Date: Mon, 24 Oct 2022 13:48:56 +0200 Subject: [PATCH 4/8] Update helm_chart_test.go --- deploy/kubernetes/helm/sloth/tests/helm_chart_test.go | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/kubernetes/helm/sloth/tests/helm_chart_test.go b/deploy/kubernetes/helm/sloth/tests/helm_chart_test.go index d042e447..8b99c1a1 100644 --- a/deploy/kubernetes/helm/sloth/tests/helm_chart_test.go +++ b/deploy/kubernetes/helm/sloth/tests/helm_chart_test.go @@ -399,7 +399,7 @@ func TestChartSecurityContext(t *testing.T) { return v }, expTplFile: "testdata/output/deployment_securityContext.yaml", - } + }, } checksumNormalizer := regexp.MustCompile(`checksum/config: [a-z0-9]+`) @@ -431,4 +431,4 @@ func TestChartSecurityContext(t *testing.T) { } }) } -} \ No newline at end of file +} From db1e864ce94ee6a70b2b83311072222a83baf3c6 Mon Sep 17 00:00:00 2001 From: Christoph Fraundorfer Date: Tue, 25 Oct 2022 10:06:36 +0200 Subject: [PATCH 5/8] refactor: adding syntax --- deploy/kubernetes/helm/sloth/tests/values_test.go | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/deploy/kubernetes/helm/sloth/tests/values_test.go b/deploy/kubernetes/helm/sloth/tests/values_test.go index 3351f1ec..93337d33 100644 --- a/deploy/kubernetes/helm/sloth/tests/values_test.go +++ b/deploy/kubernetes/helm/sloth/tests/values_test.go @@ -53,16 +53,16 @@ func customValues() msi { "securityContext": msi{ "pod": msi{ - "runAsNonRoot": true - "runAsGroup": 1000 - "runAsUser": 100 - "fsGroup": 100 + "runAsNonRoot": true, + "runAsGroup": 1000, + "runAsUser": 100, + "fsGroup": 100, "supplementalGroups": msi{ "100", }, }, "container": msi{ - "allowPrivilegeEscalation": false + "allowPrivilegeEscalation": false, "capabilities": "drop": msi{ "ALL", From b178cb3a6e235f762a6454e5deb4e0122d72826c Mon Sep 17 00:00:00 2001 From: Christoph Fraundorfer Date: Tue, 25 Oct 2022 14:47:06 +0200 Subject: [PATCH 6/8] fix: change testdata output --- .../helm/sloth/tests/helm_chart_test.go | 6 +-- .../testdata/output/deployment_custom.yaml | 3 ++ .../output/deployment_custom_no_extras.yaml | 2 + .../output/deployment_custom_slo_config.yaml | 2 + .../testdata/output/deployment_default.yaml | 3 ++ .../output/deployment_securityContext.yaml | 37 +++++++++---------- .../helm/sloth/tests/values_test.go | 23 ++++++------ 7 files changed, 42 insertions(+), 34 deletions(-) diff --git a/deploy/kubernetes/helm/sloth/tests/helm_chart_test.go b/deploy/kubernetes/helm/sloth/tests/helm_chart_test.go index 8b99c1a1..0cc0423e 100644 --- a/deploy/kubernetes/helm/sloth/tests/helm_chart_test.go +++ b/deploy/kubernetes/helm/sloth/tests/helm_chart_test.go @@ -390,10 +390,10 @@ func TestChartSecurityContext(t *testing.T) { }, "A chart with custom security values should render correctly.": { - name: "test", - namespace: "custom", + name: "test", + namespace: "custom", values: func() map[string]interface{} { - v := customValues() + v := securityValues() v["securityContext"].(msi)["enabled"] = true return v diff --git a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom.yaml b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom.yaml index 9352e5ae..124b920c 100644 --- a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom.yaml +++ b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom.yaml @@ -32,6 +32,7 @@ spec: kubectl.kubernetes.io/default-container: sloth spec: serviceAccountName: sloth-test + securityContext: containers: - name: sloth image: slok/sloth-test:v1.42.42 @@ -52,6 +53,7 @@ spec: volumeMounts: - name: sloth-common-sli-plugins mountPath: /plugins/sloth-common-sli-plugins + securityContext: resources: limits: memory: 150Mi @@ -69,6 +71,7 @@ spec: - name: sloth-common-sli-plugins # Default path for git-sync. mountPath: /tmp/git + securityContext: resources: limits: memory: 100Mi diff --git a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom_no_extras.yaml b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom_no_extras.yaml index ab95a140..00266145 100644 --- a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom_no_extras.yaml +++ b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom_no_extras.yaml @@ -32,6 +32,7 @@ spec: kubectl.kubernetes.io/default-container: sloth spec: serviceAccountName: sloth-test + securityContext: containers: - name: sloth image: slok/sloth-test:v1.42.42 @@ -44,6 +45,7 @@ spec: - --extra-labels=k1=v1 - --extra-labels=k2=v2 - --disable-optimized-rules + securityContext: resources: limits: memory: 150Mi diff --git a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom_slo_config.yaml b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom_slo_config.yaml index 7afc6599..6c92a7a4 100644 --- a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom_slo_config.yaml +++ b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom_slo_config.yaml @@ -33,6 +33,7 @@ spec: checksum/config: spec: serviceAccountName: sloth-test + securityContext: containers: - name: sloth image: slok/sloth-test:v1.42.42 @@ -53,6 +54,7 @@ spec: volumeMounts: - name: sloth-windows mountPath: /windows + securityContext: resources: limits: memory: 150Mi diff --git a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_default.yaml b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_default.yaml index 49802fbe..989cb2e0 100644 --- a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_default.yaml +++ b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_default.yaml @@ -30,6 +30,7 @@ spec: kubectl.kubernetes.io/default-container: sloth spec: serviceAccountName: sloth + securityContext: containers: - name: sloth image: ghcr.io/slok/sloth:v0.10.0 @@ -43,6 +44,7 @@ spec: volumeMounts: - name: sloth-common-sli-plugins mountPath: /plugins/sloth-common-sli-plugins + securityContext: resources: limits: memory: 150Mi @@ -60,6 +62,7 @@ spec: - name: sloth-common-sli-plugins # Default path for git-sync. mountPath: /tmp/git + securityContext: resources: limits: memory: 100Mi diff --git a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_securityContext.yaml b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_securityContext.yaml index 36c97003..9a887053 100644 --- a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_securityContext.yaml +++ b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_securityContext.yaml @@ -3,21 +3,21 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: sloth - namespace: default + name: sloth-test + namespace: custom labels: helm.sh/chart: sloth- app.kubernetes.io/managed-by: Helm app: sloth app.kubernetes.io/name: sloth - app.kubernetes.io/instance: sloth + app.kubernetes.io/instance: test spec: replicas: 1 selector: matchLabels: app: sloth app.kubernetes.io/name: sloth - app.kubernetes.io/instance: sloth + app.kubernetes.io/instance: test template: metadata: labels: @@ -25,18 +25,17 @@ spec: app.kubernetes.io/managed-by: Helm app: sloth app.kubernetes.io/name: sloth - app.kubernetes.io/instance: sloth + app.kubernetes.io/instance: test annotations: kubectl.kubernetes.io/default-container: sloth spec: - serviceAccountName: sloth + serviceAccountName: sloth-test securityContext: - runAsNonRoot: true + fsGroup: 100 runAsGroup: 1000 + runAsNonRoot: true runAsUser: 100 - fsGroup: 100 - supplementalGroups: - - 100 + supplementalGroups: "100" containers: - name: sloth image: ghcr.io/slok/sloth:v0.10.0 @@ -50,17 +49,16 @@ spec: volumeMounts: - name: sloth-common-sli-plugins mountPath: /plugins/sloth-common-sli-plugins + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ALL resources: limits: memory: 150Mi requests: cpu: 5m memory: 75Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL - name: git-sync-plugins image: k8s.gcr.io/git-sync/git-sync:v3.3.4 args: @@ -72,17 +70,16 @@ spec: - name: sloth-common-sli-plugins # Default path for git-sync. mountPath: /tmp/git + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ALL resources: limits: memory: 100Mi requests: cpu: 5m memory: 50Mi - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - ALL volumes: - name: sloth-common-sli-plugins emptyDir: {} diff --git a/deploy/kubernetes/helm/sloth/tests/values_test.go b/deploy/kubernetes/helm/sloth/tests/values_test.go index 93337d33..5061a489 100644 --- a/deploy/kubernetes/helm/sloth/tests/values_test.go +++ b/deploy/kubernetes/helm/sloth/tests/values_test.go @@ -50,22 +50,23 @@ func customValues() msi { "customKey": "customValue", }, }, + } +} +func securityValues() msi { + return msi{ "securityContext": msi{ "pod": msi{ - "runAsNonRoot": true, - "runAsGroup": 1000, - "runAsUser": 100, - "fsGroup": 100, - "supplementalGroups": msi{ - "100", - }, + "runAsNonRoot": true, + "runAsGroup": 1000, + "runAsUser": 100, + "fsGroup": 100, + "supplementalGroups": "100", }, - "container": msi{ + "container": msi{ "allowPrivilegeEscalation": false, - "capabilities": - "drop": msi{ - "ALL", + "capabilities": msi{ + "drop": "ALL", }, }, }, From 67606b3a3a6eea35819f10e3416d53614dde53e8 Mon Sep 17 00:00:00 2001 From: Christoph Fraundorfer Date: Tue, 25 Oct 2022 21:48:11 +0200 Subject: [PATCH 7/8] fix: change testdata output resources, img --- .../helm/sloth/tests/testdata/output/deployment_custom.yaml | 3 ++- .../helm/sloth/tests/testdata/output/deployment_default.yaml | 5 +++-- .../tests/testdata/output/deployment_securityContext.yaml | 5 +++-- 3 files changed, 8 insertions(+), 5 deletions(-) diff --git a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom.yaml b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom.yaml index 124b920c..2674caf2 100644 --- a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom.yaml +++ b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom.yaml @@ -61,7 +61,7 @@ spec: cpu: 5m memory: 75Mi - name: git-sync-plugins - image: k8s.gcr.io/git-sync/git-sync:v3.3.4 + image: k8s.gcr.io/git-sync/git-sync:v3.6.1 args: - --repo=https://github.com/slok/sloth-test-common-sli-plugins - --branch=main @@ -74,6 +74,7 @@ spec: securityContext: resources: limits: + cpu: 50m memory: 100Mi requests: cpu: 5m diff --git a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_default.yaml b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_default.yaml index 989cb2e0..ac84ca73 100644 --- a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_default.yaml +++ b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_default.yaml @@ -33,7 +33,7 @@ spec: securityContext: containers: - name: sloth - image: ghcr.io/slok/sloth:v0.10.0 + image: ghcr.io/slok/sloth:v0.11.0 args: - kubernetes-controller - --sli-plugins-path=/plugins @@ -52,7 +52,7 @@ spec: cpu: 5m memory: 75Mi - name: git-sync-plugins - image: k8s.gcr.io/git-sync/git-sync:v3.3.4 + image: k8s.gcr.io/git-sync/git-sync:v3.6.1 args: - --repo=https://github.com/slok/sloth-common-sli-plugins - --branch=main @@ -65,6 +65,7 @@ spec: securityContext: resources: limits: + cpu: 50m memory: 100Mi requests: cpu: 5m diff --git a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_securityContext.yaml b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_securityContext.yaml index 9a887053..ec37f3bb 100644 --- a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_securityContext.yaml +++ b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_securityContext.yaml @@ -38,7 +38,7 @@ spec: supplementalGroups: "100" containers: - name: sloth - image: ghcr.io/slok/sloth:v0.10.0 + image: ghcr.io/slok/sloth:v0.11.0 args: - kubernetes-controller - --sli-plugins-path=/plugins @@ -60,7 +60,7 @@ spec: cpu: 5m memory: 75Mi - name: git-sync-plugins - image: k8s.gcr.io/git-sync/git-sync:v3.3.4 + image: k8s.gcr.io/git-sync/git-sync:v3.6.1 args: - --repo=https://github.com/slok/sloth-common-sli-plugins - --branch=main @@ -76,6 +76,7 @@ spec: drop: ALL resources: limits: + cpu: 50m memory: 100Mi requests: cpu: 5m From 1afdf9105777a6f0861a4fabac7525cbce9a201f Mon Sep 17 00:00:00 2001 From: Christoph Fraundorfer Date: Tue, 25 Oct 2022 22:32:14 +0200 Subject: [PATCH 8/8] fix: change testdata output resources --- .../helm/sloth/tests/testdata/output/deployment_custom.yaml | 1 + .../sloth/tests/testdata/output/deployment_custom_no_extras.yaml | 1 + .../tests/testdata/output/deployment_custom_slo_config.yaml | 1 + .../helm/sloth/tests/testdata/output/deployment_default.yaml | 1 + .../sloth/tests/testdata/output/deployment_securityContext.yaml | 1 + 5 files changed, 5 insertions(+) diff --git a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom.yaml b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom.yaml index 2674caf2..378922ef 100644 --- a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom.yaml +++ b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom.yaml @@ -56,6 +56,7 @@ spec: securityContext: resources: limits: + cpu: 50m memory: 150Mi requests: cpu: 5m diff --git a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom_no_extras.yaml b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom_no_extras.yaml index 00266145..5b74316f 100644 --- a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom_no_extras.yaml +++ b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom_no_extras.yaml @@ -48,6 +48,7 @@ spec: securityContext: resources: limits: + cpu: 50m memory: 150Mi requests: cpu: 5m diff --git a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom_slo_config.yaml b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom_slo_config.yaml index 6c92a7a4..f0974cb1 100644 --- a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom_slo_config.yaml +++ b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_custom_slo_config.yaml @@ -57,6 +57,7 @@ spec: securityContext: resources: limits: + cpu: 50m memory: 150Mi requests: cpu: 5m diff --git a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_default.yaml b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_default.yaml index ac84ca73..a7f23979 100644 --- a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_default.yaml +++ b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_default.yaml @@ -47,6 +47,7 @@ spec: securityContext: resources: limits: + cpu: 50m memory: 150Mi requests: cpu: 5m diff --git a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_securityContext.yaml b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_securityContext.yaml index ec37f3bb..8a8fe7f9 100644 --- a/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_securityContext.yaml +++ b/deploy/kubernetes/helm/sloth/tests/testdata/output/deployment_securityContext.yaml @@ -55,6 +55,7 @@ spec: drop: ALL resources: limits: + cpu: 50m memory: 150Mi requests: cpu: 5m