From 8e2f999e83cd952a88fc6656028681df92e54fb6 Mon Sep 17 00:00:00 2001
From: Jordan Olachea <jordanolachea@cloudfitsoftware.com>
Date: Fri, 19 Aug 2022 20:40:22 +0000
Subject: [PATCH] EK Init Container drop capabilities and logging chart bump

---
 .../logging/elasticsearch-kibana/values.yaml  | 117 +++++++++++++++++-
 chart/values.yaml                             |   2 +-
 2 files changed, 116 insertions(+), 3 deletions(-)

diff --git a/chart/templates/logging/elasticsearch-kibana/values.yaml b/chart/templates/logging/elasticsearch-kibana/values.yaml
index 1c84f60acd..3ef746a5ce 100644
--- a/chart/templates/logging/elasticsearch-kibana/values.yaml
+++ b/chart/templates/logging/elasticsearch-kibana/values.yaml
@@ -72,21 +72,134 @@ kibana:
 elasticsearch:
   imagePullSecrets:
     - name: private-registry
-{{- if .Values.istio.enabled }}
   master:
+    initContainers:
+      - name: elastic-internal-init-filesystem
+        securityContext:
+          privileged: false
+          capabilities:
+            drop:
+              - ALL
+      - name: elastic-internal-suspend
+        securityContext:
+          privileged: false
+          capabilities:
+            drop:
+              - ALL
+      {{- if .Values.sso.enabled }}
+      - name: elastic-internal-init-keystore
+        securityContext:
+          privileged: false
+          capabilities:
+            drop:
+              - ALL
+      {{- end }}
+    {{- if .Values.istio.enabled }}
     podAnnotations:
       {{ include "istioAnnotation" . }}
+    {{- end }}
   data:
+    initContainers:
+      - name: elastic-internal-init-filesystem
+        securityContext:
+          privileged: false
+          capabilities:
+            drop:
+              - ALL
+      - name: elastic-internal-suspend
+        securityContext:
+          privileged: false
+          capabilities:
+            drop:
+              - ALL
+      {{- if .Values.sso.enabled }}
+      - name: elastic-internal-init-keystore
+        securityContext:
+          privileged: false
+          capabilities:
+            drop:
+              - ALL
+      {{- end }}
+    {{- if .Values.istio.enabled }}
     podAnnotations:
       {{ include "istioAnnotation" . }}
+    {{- end }}
   ingest:
+    initContainers:
+      - name: elastic-internal-init-filesystem
+        securityContext:
+          privileged: false
+          capabilities:
+            drop:
+              - ALL
+      - name: elastic-internal-suspend
+        securityContext:
+          privileged: false
+          capabilities:
+            drop:
+              - ALL
+      {{- if .Values.sso.enabled }}
+      - name: elastic-internal-init-keystore
+        securityContext:
+          privileged: false
+          capabilities:
+            drop:
+              - ALL
+      {{- end }}
+    {{- if .Values.istio.enabled }}
     podAnnotations:
       {{ include "istioAnnotation" . }}
+    {{- end }}
   ml:
+    initContainers:
+      - name: elastic-internal-init-filesystem
+        securityContext:
+          privileged: false
+          capabilities:
+            drop:
+              - ALL
+      - name: elastic-internal-suspend
+        securityContext:
+          privileged: false
+          capabilities:
+            drop:
+              - ALL
+      {{- if .Values.sso.enabled }}
+      - name: elastic-internal-init-keystore
+        securityContext:
+          privileged: false
+          capabilities:
+            drop:
+              - ALL
+      {{- end }}
+    {{- if .Values.istio.enabled }}
     podAnnotations:
       {{ include "istioAnnotation" . }}
+    {{- end }}
   coord:
+    initContainers:
+      - name: elastic-internal-init-filesystem
+        securityContext:
+          privileged: false
+          capabilities:
+            drop:
+              - ALL
+      - name: elastic-internal-suspend
+        securityContext:
+          privileged: false
+          capabilities:
+            drop:
+              - ALL
+      {{- if .Values.sso.enabled }}
+      - name: elastic-internal-init-keystore
+        securityContext:
+          privileged: false
+          capabilities:
+            drop:
+              - ALL
+      {{- end }}
+    {{- if .Values.istio.enabled }}
     podAnnotations:
       {{ include "istioAnnotation" . }}
-{{- end }}
+    {{- end }}
 {{- end -}}
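Review bot: The `securityContext` added for each init container (first at `elastic-internal-init-filesystem` under `master`, then repeated under `data`, `ingest`, `ml` and `coord`) drops all capabilities but leaves `allowPrivilegeEscalation` unset. The Kubernetes "restricted" Pod Security profile requires that field to be false, so I would add `allowPrivilegeEscalation: false` next to `privileged: false` in every entry; `privileged: false` is already the default and only documents intent. Whether `runAsNonRoot` or a seccomp profile is applied to these containers cannot be seen from this hunk and should be confirmed in the package chart. Because the same list is written out five times, a named template included once per node role would keep the entries from drifting apart. The enclosing template block opens before the hunk, so this covers only the lines shown.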
diff --git a/chart/values.yaml b/chart/values.yaml
index 7c0a914e93..eaf0153db6 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -418,7 +418,7 @@ logging:
   git:
     repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana.git
     path: "./chart"
-    tag: "0.9.0-bb.0"
+    tag: "0.9.0-bb.1"
 
   # -- Flux reconciliation overrides specifically for the Logging (EFK) Package
   flux:
-- 
GitLab