Skip to content

Commit

Permalink
Merge pull request #6366 from ministryofjustice/fix/k8s-deploy-alerts
Browse files Browse the repository at this point in the history 
Fix: K8s deploy alerts
  • Loading branch information
@colinbruce
colinbruce authored Feb 15, 2024
2 parents a4ad139 + ab0776d commit 2270678
Show file tree
Hide file tree
Showing 12 changed files with 84 additions and 0 deletions.
7 changes: 7 additions & 0 deletions helm_deploy/apply-for-legal-aid/templates/cronjob-admin-report.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,4 +34,11 @@ spec:
requests:
cpu: 100m
memory: 1024Mi
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop: [ "ALL" ]
restartPolicy: Never
7 changes: 7 additions & 0 deletions helm_deploy/apply-for-legal-aid/templates/cronjob-deliver-scheduled-mail.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,4 +31,11 @@ spec:
requests:
cpu: 100m
memory: 128Mi
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop: [ "ALL" ]
restartPolicy: Never
7 changes: 7 additions & 0 deletions helm_deploy/apply-for-legal-aid/templates/cronjob-destroy-purgeable.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,4 +34,11 @@ spec:
requests:
cpu: 100m
memory: 256Mi
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop: [ "ALL" ]
restartPolicy: Never
7 changes: 7 additions & 0 deletions helm_deploy/apply-for-legal-aid/templates/cronjob-export-digest.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,4 +34,11 @@ spec:
requests:
cpu: 400m
memory: 4096Mi
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop: [ "ALL" ]
restartPolicy: Never
7 changes: 7 additions & 0 deletions helm_deploy/apply-for-legal-aid/templates/cronjob-extract-digest.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,4 +34,11 @@ spec:
requests:
cpu: 100m
memory: 256Mi
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop: [ "ALL" ]
restartPolicy: Never
7 changes: 7 additions & 0 deletions helm_deploy/apply-for-legal-aid/templates/cronjob-mark-purgeable.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,4 +34,11 @@ spec:
requests:
cpu: 100m
memory: 256Mi
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop: [ "ALL" ]
restartPolicy: Never
7 changes: 7 additions & 0 deletions helm_deploy/apply-for-legal-aid/templates/cronjob-metrics.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -32,4 +32,11 @@ spec:
requests:
cpu: 100m
memory: 128Mi
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop: [ "ALL" ]
restartPolicy: Never
7 changes: 7 additions & 0 deletions helm_deploy/apply-for-legal-aid/templates/cronjob-reset-dashboard-overnight.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,4 +31,11 @@ spec:
requests:
cpu: 100m
memory: 128Mi
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop: [ "ALL" ]
restartPolicy: Never
7 changes: 7 additions & 0 deletions helm_deploy/apply-for-legal-aid/templates/deployment_metrics.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -51,3 +51,10 @@ spec:
requests:
cpu: 10m
memory: 64Mi
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop: [ "ALL" ]
14 changes: 14 additions & 0 deletions helm_deploy/apply-for-legal-aid/templates/deployment_web.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,13 @@ spec:
requests:
cpu: 10m
memory: 1Gi
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop: [ "ALL" ]
- name: web
image: '{{ .Values.image.repository }}:{{ .Values.image.tag }}'
imagePullPolicy: IfNotPresent
Expand All @@ -65,6 +72,13 @@ spec:
preStop:
exec:
command: [ "sh", "-c", "sleep 30" ] # Workaround for occasional lost requests - see https://github.com/puma/puma/blob/master/docs/kubernetes.md#running-puma-in-kubernetes
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop: [ "ALL" ]
resources:
limits:
cpu: 1000m
Expand Down
7 changes: 7 additions & 0 deletions helm_deploy/apply-for-legal-aid/templates/deployment_worker.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,13 @@ spec:
imagePullPolicy: IfNotPresent
command: ['bundle', 'exec', 'sidekiq']
{{ include "apply-for-legal-aid.envs" . | nindent 10 }}
securityContext:
runAsNonRoot: true
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
capabilities:
drop: [ "ALL" ]
resources:
limits:
cpu: 500m
Expand Down
Binary file modified helm_deploy/apply-for-legal-aid/values-uat.yaml
View file
Binary file not shown.

0 comments on commit 2270678

Please sign in to comment.