Start writing README

2024-01-16 19:12:03 +01:00
parent cfeadf2d12
commit 00e6f5ea6c
14 changed files with 1117 additions and 0 deletions
--- a/examples/giantswarm/patches/regexp/values-patches.yaml
+++ b/examples/giantswarm/patches/regexp/values-patches.yaml
@ -0,0 +1,89 @@
+---
+name: Replace image repository in values
+targets:
+  - values.yaml
+before: |-
+  image:
+    repository: ghcr.io/project-zot/zot-linux-amd64
+    pullPolicy: IfNotPresent
+    # Overrides the image tag whose default is the chart appVersion.
+    tag: "v2.0.0"
+after: |-
+  image:
+    repository: gsoci/dummy/zot-linux
+    pullPolicy: Always
+    tag: ""
+---
+name: Fix security policies in the deployment
+targets:
+  - templates/deployment.yaml
+before: |-
+          \{\{- toYaml .Values.podSecurityContext .*
+after: |-
+            fsGroup: 1337
+                    {{- if ge (int .Capabilities.KubeVersion.Minor) 19 }}
+                    {{- with .Values.podSeccompProfile }}
+                    seccompProfile:
+                      {{- . | toYaml | nindent 10 }}
+                    {{- end }}
+                    {{- end }}
+---
+name: Fix security policies in container
+targets:
+  - templates/deployment.yaml
+before: |-
+  \{\{- toYaml .Values.securityContext .*
+after: |-
+            {{- with .Values.containerSecurityContext }}
+                        {{- . | toYaml | nindent 12 }}
+                        {{- end }}
+                        readOnlyRootFilesystem: true
+                        runAsUser: 100
+                        {{- if ge (int .Capabilities.KubeVersion.Minor) 19 }}
+                        {{- with .Values.seccompProfile }}
+                        seccompProfile:
+                          {{- . | toYaml | nindent 14 }}
+                        {{- end }}
+                        {{- end }}
+---
+name: Fix security policies in test jobs
+targets:
+  - templates/tests/test-connection-fails.yaml
+  - templates/tests/test-connection.yaml
+before: |-
+  spec:
+    containers:
+after: |-
+  spec:
+    securityContext:
+      fsGroup: 1337
+      {{- if ge (int .Capabilities.KubeVersion.Minor) 19 }}
+      {{- with .Values.podSeccompProfile }}
+      seccompProfile:
+        {{- . | toYaml | nindent 10 }}
+      {{- end }}
+      {{- end }}
+    containers:
+---
+name: Fix security policies in test jobs containers
+targets:
+  - templates/tests/test-connection-fails.yaml
+  - templates/tests/test-connection.yaml
+before: |-
+    containers:
+        - name: wget
+after: |-
+    containers:
+        - name: wget
+          securityContext:
+            {{- with .Values.containerSecurityContext }}
+            {{- . | toYaml | nindent 12 }}
+            {{- end }}
+            readOnlyRootFilesystem: true
+            runAsUser: 100
+            {{- if ge (int .Capabilities.KubeVersion.Minor) 19 }}
+            {{- with .Values.seccompProfile }}
+            seccompProfile:
+              {{- . | toYaml | nindent 14 }}
+            {{- end }}
+            {{- end }}