Minor Helm chart dependency updates and security improvements

2022-08-25 02:34:02 +02:00
parent 001bc9c57a
commit 68e64f2f33
9 changed files with 90 additions and 63 deletions
--- a/charts/hapi-fhir-jpaserver/templates/tests/test-endpoints.yaml
+++ b/charts/hapi-fhir-jpaserver/templates/tests/test-endpoints.yaml
@@ -11,17 +11,13 @@ spec:
  restartPolicy: Never
  containers:
    - name: test-metadata-endpoint
-      image: busybox:1
-      command: ['wget', '-O', '-']
-      args: ['http://{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.service.port }}/fhir/metadata']
+      image: docker.io/curlimages/curl:7.84.0@sha256:5a2a25d96aa941ea2fc47acc50122f7c3d007399a075df61a82d6d2c3a567a2b
+      command: ["curl", "--fail-with-body"]
+      args: ["http://{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.service.port }}/fhir/metadata?_summary=true"]
+      {{- with .Values.restrictedContainerSecurityContext }}
      securityContext:
-        allowPrivilegeEscalation: false
-        capabilities:
-          drop:
-            - ALL
-        readOnlyRootFilesystem: true
-        runAsUser: 22222
-        runAsNonRoot: true
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      resources:
        limits:
          cpu: 100m
@@ -36,17 +32,34 @@ spec:
        exec:
          command: ["true"]
    - name: test-patient-endpoint
-      image: busybox:1
-      command: ['wget', '-O', '-']
-      args: ['http://{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.service.port }}/fhir/Patient?_count=1']
+      image: docker.io/curlimages/curl:7.84.0@sha256:5a2a25d96aa941ea2fc47acc50122f7c3d007399a075df61a82d6d2c3a567a2b
+      command: ["curl", "--fail-with-body"]
+      args: ["http://{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.service.port }}/fhir/Patient?_count=1&_summary=true"]
+      {{- with .Values.restrictedContainerSecurityContext }}
      securityContext:
-        allowPrivilegeEscalation: false
-        capabilities:
-          drop:
-            - ALL
-        readOnlyRootFilesystem: true
-        runAsUser: 22222
-        runAsNonRoot: true
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      resources:
+        limits:
+          cpu: 100m
+          memory: 128Mi
+        requests:
+          cpu: 100m
+          memory: 128Mi
+      livenessProbe:
+        exec:
+          command: ["true"]
+      readinessProbe:
+        exec:
+          command: ["true"]
+    - name: test-metrics-endpoint
+      image: docker.io/curlimages/curl:7.84.0@sha256:5a2a25d96aa941ea2fc47acc50122f7c3d007399a075df61a82d6d2c3a567a2b
+      command: ["curl", "--fail-with-body"]
+      args: ["http://{{ include "hapi-fhir-jpaserver.fullname" . }}:{{ .Values.metrics.service.port }}/actuator/prometheus"]
+      {{- with .Values.restrictedContainerSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
      resources:
        limits:
          cpu: 100m