ISSUE-761: Add containerSecurityPolicy to clustering-service deployment

(pegasystems#761)
rbogendoerfer · Sep 9, 2024 · 1256f6f · 1256f6f
1 parent e53c8c2
commit 1256f6f
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 0 deletions.
diff --git a/charts/pega/charts/hazelcast/templates/clustering-service-deployment.yaml b/charts/pega/charts/hazelcast/templates/clustering-service-deployment.yaml
@@ -40,6 +40,10 @@ spec:
         envFrom:
         - configMapRef:
             name: {{ template "clusteringServiceEnvironmentConfig" }}
+{{- if .Values.containerSecurityContext }}
+        securityContext:
+{{ toYaml .Values.containerSecurityContext | indent 10 }}
+{{-  end }}
         resources:
           requests:
             cpu: "{{ .Values.resources.requests.cpu }}"

diff --git a/charts/pega/charts/hazelcast/values.yaml b/charts/pega/charts/hazelcast/values.yaml
@@ -62,3 +62,7 @@ server:
 # Apply securityContext to clustering service pods. For example to set `runAsUser: 1000`:
 # securityContext:
 #   runAsUser: 1000
+
+# Apply securityContext to clustering service containers. For example to set `allowPrivilegeEscalation: false`:
+# containerSecurityContext:
+#   allowPrivilegeEscalation: false
diff --git a/charts/pega/values.yaml b/charts/pega/values.yaml
@@ -610,6 +610,13 @@ hazelcast:
   # Enter the external secret for these credentials below.
   external_secret_name: ""
 
+  # Apply securityContext to clustering service pods. For example to set `runAsUser: 1000`:
+  # securityContext:
+  #   runAsUser: 1000
+  # Apply securityContext to clustering service containers. For example to set `allowPrivilegeEscalation: false`:
+  # containerSecurityContext:
+  #   allowPrivilegeEscalation: false
+
 # Stream (externalized Kafka service) settings.
 stream:
   # Beginning with Pega Platform '23, enabled by default; when disabled, your deployment does not use a"Kafka stream service" configuration.