helm-charts icon indicating copy to clipboard operation
helm-charts copied to clipboard

Published 20 hours ago verified publisher icon cloudflare

fix(cloudflare-tunnel-remote/charts): apply securityContext from values.yaml

Open bryopsida opened this issue 1 year ago • 1 comments

What

The charts/cloudflare-tunnel-remote chart defines values for securityContext:

https://github.com/cloudflare/helm-charts/blob/b85225eb49e1b0b40328c70d4541a27ec5e2b82e/charts/cloudflare-tunnel-remote/values.yaml#L35

and podSecurityContext:

https://github.com/cloudflare/helm-charts/blob/b85225eb49e1b0b40328c70d4541a27ec5e2b82e/charts/cloudflare-tunnel-remote/values.yaml#L30

but does not apply them to the pod template in deployment.

This simply maps the intended securityContext values into the appropriate locations on the template.

How to test

You can verify the template changes by running helm template . inside the remote chart directory.

Evidence

 spec:
      serviceAccountName: release-name-cloudflare-tunnel
      securityContext:
        runAsNonRoot: true
        runAsUser: 65532
      containers:
        - name: cloudflare-tunnel
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
              - ALL
            readOnlyRootFilesystem: true
          image: "cloudflare/cloudflared:2023.5.1"

bryopsida avatar Feb 17 '24 01:02 bryopsida

Looks like there's overlap between this and https://github.com/cloudflare/helm-charts/pull/65.

bryopsida avatar Feb 17 '24 01:02 bryopsida