diff --git a/charts/tsm-node/Chart.yaml b/charts/tsm-node/Chart.yaml
index 6610a6f..f02c063 100644
--- a/charts/tsm-node/Chart.yaml
+++ b/charts/tsm-node/Chart.yaml
@@ -5,5 +5,5 @@ maintainers:
 - name: Blockdaemon
 email: sre@blockdaemon.com
 type: application
-version: 0.1.1
+version: 0.1.2
 appVersion: "61.0.2"
diff --git a/charts/tsm-node/README.md b/charts/tsm-node/README.md
index 4fdda05..05237f8 100644
--- a/charts/tsm-node/README.md
+++ b/charts/tsm-node/README.md
@@ -1,6 +1,6 @@
 # tsm-node
-![Version: 0.1.1](https://img.shields.io/badge/Version-0.1.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 61.0.2](https://img.shields.io/badge/AppVersion-61.0.2-informational?style=flat-square)
+![Version: 0.1.2](https://img.shields.io/badge/Version-0.1.2-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 61.0.2](https://img.shields.io/badge/AppVersion-61.0.2-informational?style=flat-square)
 A Helm chart to deploy a Blockdaemon TSM node to kubernetes
diff --git a/charts/tsm-node/ci/securityContext-values.yaml b/charts/tsm-node/ci/securityContext-values.yaml
new file mode 100644
index 0000000..516e0ec
--- /dev/null
+++ b/charts/tsm-node/ci/securityContext-values.yaml
@@ -0,0 +1,45 @@
+replicaCount: 1
+index: 0
+
+config:
+ configFile: |
+ [Player]
+ Index = 0
+ PrivateKey = "replace me"
+
+ [Database]
+ DriverName = "sqlite3"
+ EncryptorMasterPassword = "ENCRYPTION_KEY"
+
+ [SDKServer]
+ Port = 8080
+image:
+ repository:
+ pullPolicy: IfNotPresent
+ tag: "61.0.2"
+sdkService:
+ type: NodePort
+ ports:
+ - port: 8080
+ name: sdk
+ targetPort: 8080
+ - port: 9000
+ name: mpc
+ targetPort: 9000
+
+mpcService:
+ enabled: false
+
+ingress:
+ enabled: false
+
+securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 2000
+ allowPrivilegeEscalation: false
+ seccompProfile:
+ type: "RuntimeDefault"
diff --git a/charts/tsm-node/values.yaml b/charts/tsm-node/values.yaml
index 138f071..69c887a 100644
--- a/charts/tsm-node/values.yaml
+++ b/charts/tsm-node/values.yaml
@@ -47,7 +47,10 @@ securityContext:
 # - ALL
 # readOnlyRootFilesystem: true
 # runAsNonRoot: true
- # runAsUser: 1000
+ # runAsUser: 2000
+ # allowPrivilegeEscalation: false
+ # seccompProfile:
+ # type: "RuntimeDefault"
 # -- The primary service definition for the TSM node
 sdkService:
diff --git a/examples/tsm-node-multiinstance/tsm0.yaml b/examples/tsm-node-multiinstance/tsm0.yaml
index 93425c7..059bf45 100644
--- a/examples/tsm-node-multiinstance/tsm0.yaml
+++ b/examples/tsm-node-multiinstance/tsm0.yaml
@@ -132,3 +132,14 @@ affinity:
 resources:
 requests:
 cpu: 14
+
+securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 2000
+ allowPrivilegeEscalation: false
+ seccompProfile:
+ type: "RuntimeDefault"
\ No newline at end of file
diff --git a/examples/tsm-node-multiinstance/tsm1.yaml b/examples/tsm-node-multiinstance/tsm1.yaml
index ffcc10d..f65d86f 100644
--- a/examples/tsm-node-multiinstance/tsm1.yaml
+++ b/examples/tsm-node-multiinstance/tsm1.yaml
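Review bot: `readOnlyRootFilesystem: true` is combined in this new CI values file with `DriverName = "sqlite3"`, and nothing in the file mounts a writable volume or says where the database lives, so the hardened install may fail at its first write, or pass only because nothing was written. Add a writable mount (for example an `emptyDir`) for the database and temp paths through whatever volume values the chart exposes, so the test actually proves the node runs under this context. `repository:` under `image:` is a bare key and parses as null, so unless the template supplies a default the rendered image reference will be incomplete; set it explicitly. A comment such as `# placeholders for CI only; supply PrivateKey and EncryptorMasterPassword from a Secret in real deployments` above `configFile` would keep the inline values from being copied as-is.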
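Review bot: The hardened settings in values.yaml are still a commented-out example, so as far as this hunk shows a default install gets none of them unless the operator copies the block; consider shipping them as the chart default, or say in the `# --` description of `securityContext` that they are opt-in. The change from `runAsUser: 1000` to `2000` carries no explanation: add a comment like `# must be a UID that can read the image's files and write the mounted data volume`, since a mismatch only shows up at runtime. The `securityContext:` key itself sits on the hunk header, so its value and any description above it are outside this hunk.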
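Review bot: The appended `securityContext` block leaves tsm0.yaml without a final newline (`\ No newline at end of file`), and the identical hunks in tsm1.yaml and tsm2.yaml do the same; end each file with a newline so later appends produce clean diffs and linters stay quiet. These examples also turn on `readOnlyRootFilesystem: true` while their storage configuration sits above line 132, outside the hunk, so confirm that every path the node writes to is on a mounted volume in all three files. Because the block is repeated verbatim three times, a one-line comment above it such as `# container hardening; keep in sync across tsm0/tsm1/tsm2` would help the copies stay aligned.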
@@ -132,3 +132,14 @@ affinity:
 resources:
 requests:
 cpu: 14
+
+securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 2000
+ allowPrivilegeEscalation: false
+ seccompProfile:
+ type: "RuntimeDefault"
\ No newline at end of file
diff --git a/examples/tsm-node-multiinstance/tsm2.yaml b/examples/tsm-node-multiinstance/tsm2.yaml
index a7b18e1..da7c9c5 100644
--- a/examples/tsm-node-multiinstance/tsm2.yaml
+++ b/examples/tsm-node-multiinstance/tsm2.yaml
@@ -133,3 +133,14 @@ affinity:
 resources:
 requests:
 cpu: 14
+
+securityContext:
+ capabilities:
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 2000
+ allowPrivilegeEscalation: false
+ seccompProfile:
+ type: "RuntimeDefault"
\ No newline at end of file