feat: container level security context

grafana · Dec 6, 2023 · 756f1f9 · 756f1f9
1 parent 8b32cfa
commit 756f1f9
Show file tree

Hide file tree

Showing 17 changed files with 766 additions and 14 deletions.
diff --git a/api/v1alpha1/k6_types.go b/api/v1alpha1/k6_types.go
@@ -39,6 +39,7 @@ type Pod struct {
 	Resources                    corev1.ResourceRequirements       `json:"resources,omitempty"`
 	ServiceAccountName           string                            `json:"serviceAccountName,omitempty"`
 	SecurityContext              corev1.PodSecurityContext         `json:"securityContext,omitempty"`
+	ContainerSecurityContext     corev1.SecurityContext            `json:"containerSecurityContext,omitempty"`
 	EnvFrom                      []corev1.EnvFromSource            `json:"envFrom,omitempty"`
 	ReadinessProbe               *corev1.Probe                     `json:"readinessProbe,omitempty"`
 	LivenessProbe                *corev1.Probe                     `json:"livenessProbe,omitempty"`

diff --git a/charts/k6-operator/Chart.yaml b/charts/k6-operator/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "0.0.11"
 description: A Helm chart to install the k6-operator
 name: k6-operator
-version: 3.2.0
+version: 3.3.0
 kubeVersion: ">=1.16.0-0"
 home: https://k6.io
 sources:

diff --git a/charts/k6-operator/README.md b/charts/k6-operator/README.md
@@ -1,6 +1,6 @@
 # k6-operator
 
-![Version: 3.1.0](https://img.shields.io/badge/Version-3.1.0-informational?style=flat-square) ![AppVersion: 0.0.11](https://img.shields.io/badge/AppVersion-0.0.11-informational?style=flat-square)
+![Version: 3.3.0](https://img.shields.io/badge/Version-3.3.0-informational?style=flat-square) ![AppVersion: 0.0.11](https://img.shields.io/badge/AppVersion-0.0.11-informational?style=flat-square)
 
 A Helm chart to install the k6-operator
 

diff --git a/charts/k6-operator/templates/crds/k6.yaml b/charts/k6-operator/templates/crds/k6.yaml
@@ -884,6 +884,67 @@ spec:
                             type: string
                         type: object
                     type: object
+                  containerSecurityContext:
+                    properties:
+                      allowPrivilegeEscalation:
+                        type: boolean
+                      capabilities:
+                        properties:
+                          add:
+                            items:
+                              type: string
+                            type: array
+                          drop:
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      privileged:
+                        type: boolean
+                      procMount:
+                        type: string
+                      readOnlyRootFilesystem:
+                        type: boolean
+                      runAsGroup:
+                        format: int64
+                        type: integer
+                      runAsNonRoot:
+                        type: boolean
+                      runAsUser:
+                        format: int64
+                        type: integer
+                      seLinuxOptions:
+                        properties:
+                          level:
+                            type: string
+                          role:
+                            type: string
+                          type:
+                            type: string
+                          user:
+                            type: string
+                        type: object
+                      seccompProfile:
+                        properties:
+                          localhostProfile:
+                            type: string
+                          type:
+                            type: string
+                        required:
+                        - type
+                        type: object
+                      windowsOptions:
+                        properties:
+                          gmsaCredentialSpec:
+                            type: string
+                          gmsaCredentialSpecName:
+                            type: string
+                          hostProcess:
+                            type: boolean
+                          runAsUserName:
+                            type: string
+                        type: object                    
+                    type: object  
                   serviceAccountName:
                     type: string
                   tolerations:
@@ -2479,6 +2540,67 @@ spec:
                             type: string
                         type: object
                     type: object
+                  containerSecurityContext:
+                    properties:
+                      allowPrivilegeEscalation:
+                        type: boolean
+                      capabilities:
+                        properties:
+                          add:
+                            items:
+                              type: string
+                            type: array
+                          drop:
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      privileged:
+                        type: boolean
+                      procMount:
+                        type: string
+                      readOnlyRootFilesystem:
+                        type: boolean
+                      runAsGroup:
+                        format: int64
+                        type: integer
+                      runAsNonRoot:
+                        type: boolean
+                      runAsUser:
+                        format: int64
+                        type: integer
+                      seLinuxOptions:
+                        properties:
+                          level:
+                            type: string
+                          role:
+                            type: string
+                          type:
+                            type: string
+                          user:
+                            type: string
+                        type: object
+                      seccompProfile:
+                        properties:
+                          localhostProfile:
+                            type: string
+                          type:
+                            type: string
+                        required:
+                        - type
+                        type: object
+                      windowsOptions:
+                        properties:
+                          gmsaCredentialSpec:
+                            type: string
+                          gmsaCredentialSpecName:
+                            type: string
+                          hostProcess:
+                            type: boolean
+                          runAsUserName:
+                            type: string
+                        type: object                    
+                    type: object 
                   serviceAccountName:
                     type: string
                   tolerations:
@@ -4096,6 +4218,67 @@ spec:
                             type: string
                         type: object
                     type: object
+                  containerSecurityContext:
+                    properties:
+                      allowPrivilegeEscalation:
+                        type: boolean
+                      capabilities:
+                        properties:
+                          add:
+                            items:
+                              type: string
+                            type: array
+                          drop:
+                            items:
+                              type: string
+                            type: array
+                        type: object
+                      privileged:
+                        type: boolean
+                      procMount:
+                        type: string
+                      readOnlyRootFilesystem:
+                        type: boolean
+                      runAsGroup:
+                        format: int64
+                        type: integer
+                      runAsNonRoot:
+                        type: boolean
+                      runAsUser:
+                        format: int64
+                        type: integer
+                      seLinuxOptions:
+                        properties:
+                          level:
+                            type: string
+                          role:
+                            type: string
+                          type:
+                            type: string
+                          user:
+                            type: string
+                        type: object
+                      seccompProfile:
+                        properties:
+                          localhostProfile:
+                            type: string
+                          type:
+                            type: string
+                        required:
+                        - type
+                        type: object
+                      windowsOptions:
+                        properties:
+                          gmsaCredentialSpec:
+                            type: string
+                          gmsaCredentialSpecName:
+                            type: string
+                          hostProcess:
+                            type: boolean
+                          runAsUserName:
+                            type: string
+                        type: object                    
+                    type: object 
                   serviceAccountName:
                     type: string
                   tolerations: