Nikolai Rodionov
aabcb21f3b
Basic functionality is there, helmule can mirror helm chart with small modifications
90 lines
2.6 KiB
YAML
---
# Patch 1: point the chart's image at the mirror registry instead of upstream.
#
# NOTE(review): this page lost all leading whitespace. The indentation inside
# the `before`/`after` block scalars below is reconstructed; confirm it against
# the repository copy before relying on it.
name: Replace image repository in values
targets:
  - values.yaml
# Text expected in the upstream values.yaml. It includes the exact upstream
# tag, so it stops matching as soon as upstream changes that tag.
# NOTE(review): confirm the tool fails when `before` does not match. A silent
# no-op would leave the mirrored chart pulling from ghcr.io.
before: |-
  image:
    repository: ghcr.io/project-zot/zot-linux-amd64
    pullPolicy: IfNotPresent
    # Overrides the image tag whose default is the chart appVersion.
    tag: "v2.0.0"
# Replacement text. The empty tag falls back to the chart appVersion (per the
# upstream comment matched above), so the image is referenced by a mutable tag;
# `pullPolicy: Always` re-resolves that tag on every pod start.
after: |-
  image:
    repository: gsoci/dummy/zot-linux
    pullPolicy: Always
    tag: ""
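---
# Patch 2: replace the body of the pod-level securityContext in the Deployment.
#
# NOTE(review): this page lost all leading whitespace. Inside `after`, only the
# first line inherits the column of the matched text; the continuation lines are
# written here at absolute column 8, inferred from `nindent 10`. Confirm against
# the repository copy and against how the tool applies replacements.
name: Fix security policies in the deployment
targets:
  - templates/deployment.yaml
# The escaped braces and trailing `.*` suggest this is a regular expression that
# consumes the rest of the upstream `toYaml .Values.podSecurityContext` line.
# NOTE(review): confirm a non-matching pattern is reported as an error;
# otherwise the upstream security context would be shipped unchanged.
before: |-
  \{\{- toYaml .Values.podSecurityContext .*
# After this patch .Values.podSecurityContext is no longer rendered: fsGroup is
# fixed at 1337 and only the seccomp profile stays configurable, through
# .Values.podSeccompProfile (not defined anywhere on this page; when it is
# unset the `with` block renders nothing).
#
# The version gate uses semverCompare on KubeVersion.Version rather than
# `ge (int .Capabilities.KubeVersion.Minor) 19`: Minor can carry a "+" suffix on
# some managed clusters, `int` then yields 0, and the seccomp profile would be
# dropped without any error.
after: |-
  fsGroup: 1337
          {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.Version }}
          {{- with .Values.podSeccompProfile }}
          seccompProfile:
            {{- . | toYaml | nindent 10 }}
          {{- end }}
          {{- end }}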
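---
# Patch 3: replace the body of the container-level securityContext in the
# Deployment.
#
# NOTE(review): this page lost all leading whitespace. Inside `after`, only the
# first line inherits the column of the matched text; the continuation lines are
# written here at absolute column 12, inferred from `nindent 12` / `nindent 14`.
# Confirm against the repository copy.
name: Fix security policies in container
targets:
  - templates/deployment.yaml
# The escaped braces and trailing `.*` suggest a regular expression that
# consumes the rest of the upstream `toYaml .Values.securityContext` line.
before: |-
  \{\{- toYaml .Values.securityContext .*
# After this patch the upstream .Values.securityContext key is no longer read;
# settings must be supplied under .Values.containerSecurityContext instead.
#
# readOnlyRootFilesystem and runAsUser are emitted unconditionally after the
# templated mapping. If containerSecurityContext (or seccompProfile inside it)
# sets one of those keys as well, the rendered manifest contains a duplicate
# key; keep them out of the values. Hardening not fixed here, such as
# runAsNonRoot, allowPrivilegeEscalation and dropped capabilities, has to come
# from containerSecurityContext.
#
# The version gate uses semverCompare on KubeVersion.Version rather than
# `ge (int .Capabilities.KubeVersion.Minor) 19`: Minor can carry a "+" suffix on
# some managed clusters, `int` then yields 0, and the seccomp profile would be
# dropped without any error.
after: |-
  {{- with .Values.containerSecurityContext }}
              {{- . | toYaml | nindent 12 }}
              {{- end }}
              readOnlyRootFilesystem: true
              runAsUser: 100
              {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.Version }}
              {{- with .Values.seccompProfile }}
              seccompProfile:
                {{- . | toYaml | nindent 14 }}
              {{- end }}
              {{- end }}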
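---
# Patch 4: add a pod-level securityContext to the chart's test pods.
#
# NOTE(review): this page lost all leading whitespace. The nesting inside
# `before`/`after` is reconstructed on the assumption that `spec:` sits at
# column 0 of the test manifests; confirm against the repository copy.
name: Fix security policies in test jobs
targets:
  - templates/tests/test-connection-fails.yaml
  - templates/tests/test-connection.yaml
# Anchor text: the pod spec header directly followed by its container list.
before: |-
  spec:
    containers:
# Inserts securityContext between `spec:` and `containers:`. fsGroup is fixed at
# 1337; the seccomp profile comes from .Values.podSeccompProfile (not defined
# anywhere on this page; when it is unset the `with` block renders nothing).
# `nindent 10` places the profile keys at column 10, deeper than conventional
# but still a valid child of `seccompProfile:`.
#
# The version gate uses semverCompare on KubeVersion.Version rather than
# `ge (int .Capabilities.KubeVersion.Minor) 19`: Minor can carry a "+" suffix on
# some managed clusters, `int` then yields 0, and the seccomp profile would be
# dropped without any error.
after: |-
  spec:
    securityContext:
      fsGroup: 1337
      {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.Version }}
      {{- with .Values.podSeccompProfile }}
      seccompProfile:
        {{- . | toYaml | nindent 10 }}
      {{- end }}
      {{- end }}
    containers: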
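---
# Patch 5: add a container-level securityContext to the `wget` container of the
# chart's test pods.
#
# NOTE(review): this page lost all leading whitespace. Only the first line of
# each block scalar inherits the column of the matched text; continuation lines
# are written here at the absolute columns assumed for the test manifests
# (`- name:` at 4, `securityContext:` at 6, its keys at 12 to line up with
# `nindent 12`). Confirm against the repository copy.
name: Fix security policies in test jobs containers
targets:
  - templates/tests/test-connection-fails.yaml
  - templates/tests/test-connection.yaml
# Anchor text: the container list header and its first entry.
before: |-
  containers:
      - name: wget
# readOnlyRootFilesystem and runAsUser are emitted unconditionally after the
# templated mapping. If .Values.containerSecurityContext sets one of those keys
# as well, the rendered manifest contains a duplicate key; keep them out of the
# values. Hardening not fixed here, such as runAsNonRoot,
# allowPrivilegeEscalation and dropped capabilities, has to come from
# containerSecurityContext.
#
# The version gate uses semverCompare on KubeVersion.Version rather than
# `ge (int .Capabilities.KubeVersion.Minor) 19`: Minor can carry a "+" suffix on
# some managed clusters, `int` then yields 0, and the seccomp profile would be
# dropped without any error.
after: |-
  containers:
      - name: wget
        securityContext:
              {{- with .Values.containerSecurityContext }}
              {{- . | toYaml | nindent 12 }}
              {{- end }}
              readOnlyRootFilesystem: true
              runAsUser: 100
              {{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.Version }}
              {{- with .Values.seccompProfile }}
              seccompProfile:
                {{- . | toYaml | nindent 14 }}
              {{- end }}
              {{- end }}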