Skip to content

Commit d9ff87d

Browse files
NimJayNimJay
committed
Release v0.3.9
1 parent 6238a58 commit d9ff87d

File tree

1 file changed

+156
-12
lines changed

1 file changed

+156
-12
lines changed

release/kubernetes-manifests.yaml

Lines changed: 156 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -33,9 +33,21 @@ spec:
3333
spec:
3434
serviceAccountName: default
3535
terminationGracePeriodSeconds: 5
36+
securityContext:
37+
fsGroup: 1000
38+
runAsGroup: 1000
39+
runAsNonRoot: true
40+
runAsUser: 1000
3641
containers:
3742
- name: server
38-
image: gcr.io/google-samples/microservices-demo/emailservice:v0.3.8
43+
securityContext:
44+
allowPrivilegeEscalation: false
45+
capabilities:
46+
drop:
47+
- all
48+
privileged: false
49+
readOnlyRootFilesystem: true
50+
image: gcr.io/google-samples/microservices-demo/emailservice:v0.3.9
3951
ports:
4052
- containerPort: 8080
4153
env:
@@ -88,9 +100,21 @@ spec:
88100
app: checkoutservice
89101
spec:
90102
serviceAccountName: default
103+
securityContext:
104+
fsGroup: 1000
105+
runAsGroup: 1000
106+
runAsNonRoot: true
107+
runAsUser: 1000
91108
containers:
92109
- name: server
93-
image: gcr.io/google-samples/microservices-demo/checkoutservice:v0.3.8
110+
securityContext:
111+
allowPrivilegeEscalation: false
112+
capabilities:
113+
drop:
114+
- all
115+
privileged: false
116+
readOnlyRootFilesystem: true
117+
image: gcr.io/google-samples/microservices-demo/checkoutservice:v0.3.9
94118
ports:
95119
- containerPort: 5050
96120
readinessProbe:
@@ -158,9 +182,21 @@ spec:
158182
spec:
159183
serviceAccountName: default
160184
terminationGracePeriodSeconds: 5
185+
securityContext:
186+
fsGroup: 1000
187+
runAsGroup: 1000
188+
runAsNonRoot: true
189+
runAsUser: 1000
161190
containers:
162191
- name: server
163-
image: gcr.io/google-samples/microservices-demo/recommendationservice:v0.3.8
192+
securityContext:
193+
allowPrivilegeEscalation: false
194+
capabilities:
195+
drop:
196+
- all
197+
privileged: false
198+
readOnlyRootFilesystem: true
199+
image: gcr.io/google-samples/microservices-demo/recommendationservice:v0.3.9
164200
ports:
165201
- containerPort: 8080
166202
readinessProbe:
@@ -219,9 +255,21 @@ spec:
219255
sidecar.istio.io/rewriteAppHTTPProbers: "true"
220256
spec:
221257
serviceAccountName: default
258+
securityContext:
259+
fsGroup: 1000
260+
runAsGroup: 1000
261+
runAsNonRoot: true
262+
runAsUser: 1000
222263
containers:
223264
- name: server
224-
image: gcr.io/google-samples/microservices-demo/frontend:v0.3.8
265+
securityContext:
266+
allowPrivilegeEscalation: false
267+
capabilities:
268+
drop:
269+
- all
270+
privileged: false
271+
readOnlyRootFilesystem: true
272+
image: gcr.io/google-samples/microservices-demo/frontend:v0.3.9
225273
ports:
226274
- containerPort: 8080
227275
readinessProbe:
@@ -318,9 +366,21 @@ spec:
318366
spec:
319367
serviceAccountName: default
320368
terminationGracePeriodSeconds: 5
369+
securityContext:
370+
fsGroup: 1000
371+
runAsGroup: 1000
372+
runAsNonRoot: true
373+
runAsUser: 1000
321374
containers:
322375
- name: server
323-
image: gcr.io/google-samples/microservices-demo/paymentservice:v0.3.8
376+
securityContext:
377+
allowPrivilegeEscalation: false
378+
capabilities:
379+
drop:
380+
- all
381+
privileged: false
382+
readOnlyRootFilesystem: true
383+
image: gcr.io/google-samples/microservices-demo/paymentservice:v0.3.9
324384
ports:
325385
- containerPort: 50051
326386
env:
@@ -374,9 +434,21 @@ spec:
374434
spec:
375435
serviceAccountName: default
376436
terminationGracePeriodSeconds: 5
437+
securityContext:
438+
fsGroup: 1000
439+
runAsGroup: 1000
440+
runAsNonRoot: true
441+
runAsUser: 1000
377442
containers:
378443
- name: server
379-
image: gcr.io/google-samples/microservices-demo/productcatalogservice:v0.3.8
444+
securityContext:
445+
allowPrivilegeEscalation: false
446+
capabilities:
447+
drop:
448+
- all
449+
privileged: false
450+
readOnlyRootFilesystem: true
451+
image: gcr.io/google-samples/microservices-demo/productcatalogservice:v0.3.9
380452
ports:
381453
- containerPort: 3550
382454
env:
@@ -432,9 +504,21 @@ spec:
432504
spec:
433505
serviceAccountName: default
434506
terminationGracePeriodSeconds: 5
507+
securityContext:
508+
fsGroup: 1000
509+
runAsGroup: 1000
510+
runAsNonRoot: true
511+
runAsUser: 1000
435512
containers:
436513
- name: server
437-
image: gcr.io/google-samples/microservices-demo/cartservice:v0.3.8
514+
securityContext:
515+
allowPrivilegeEscalation: false
516+
capabilities:
517+
drop:
518+
- all
519+
privileged: false
520+
readOnlyRootFilesystem: true
521+
image: gcr.io/google-samples/microservices-demo/cartservice:v0.3.9
438522
ports:
439523
- containerPort: 7070
440524
env:
@@ -489,6 +573,11 @@ spec:
489573
serviceAccountName: default
490574
terminationGracePeriodSeconds: 5
491575
restartPolicy: Always
576+
securityContext:
577+
fsGroup: 1000
578+
runAsGroup: 1000
579+
runAsNonRoot: true
580+
runAsUser: 1000
492581
initContainers:
493582
- command:
494583
- /bin/sh
@@ -507,7 +596,14 @@ spec:
507596
value: "frontend:80"
508597
containers:
509598
- name: main
510-
image: gcr.io/google-samples/microservices-demo/loadgenerator:v0.3.8
599+
securityContext:
600+
allowPrivilegeEscalation: false
601+
capabilities:
602+
drop:
603+
- all
604+
privileged: false
605+
readOnlyRootFilesystem: true
606+
image: gcr.io/google-samples/microservices-demo/loadgenerator:v0.3.9
511607
env:
512608
- name: FRONTEND_ADDR
513609
value: "frontend:80"
@@ -536,9 +632,21 @@ spec:
536632
spec:
537633
serviceAccountName: default
538634
terminationGracePeriodSeconds: 5
635+
securityContext:
636+
fsGroup: 1000
637+
runAsGroup: 1000
638+
runAsNonRoot: true
639+
runAsUser: 1000
539640
containers:
540641
- name: server
541-
image: gcr.io/google-samples/microservices-demo/currencyservice:v0.3.8
642+
securityContext:
643+
allowPrivilegeEscalation: false
644+
capabilities:
645+
drop:
646+
- all
647+
privileged: false
648+
readOnlyRootFilesystem: true
649+
image: gcr.io/google-samples/microservices-demo/currencyservice:v0.3.9
542650
ports:
543651
- name: grpc
544652
containerPort: 7000
@@ -592,9 +700,21 @@ spec:
592700
app: shippingservice
593701
spec:
594702
serviceAccountName: default
703+
securityContext:
704+
fsGroup: 1000
705+
runAsGroup: 1000
706+
runAsNonRoot: true
707+
runAsUser: 1000
595708
containers:
596709
- name: server
597-
image: gcr.io/google-samples/microservices-demo/shippingservice:v0.3.8
710+
securityContext:
711+
allowPrivilegeEscalation: false
712+
capabilities:
713+
drop:
714+
- all
715+
privileged: false
716+
readOnlyRootFilesystem: true
717+
image: gcr.io/google-samples/microservices-demo/shippingservice:v0.3.9
598718
ports:
599719
- containerPort: 50051
600720
env:
@@ -649,8 +769,20 @@ spec:
649769
labels:
650770
app: redis-cart
651771
spec:
772+
securityContext:
773+
fsGroup: 1000
774+
runAsGroup: 1000
775+
runAsNonRoot: true
776+
runAsUser: 1000
652777
containers:
653778
- name: redis
779+
securityContext:
780+
allowPrivilegeEscalation: false
781+
capabilities:
782+
drop:
783+
- all
784+
privileged: false
785+
readOnlyRootFilesystem: true
654786
image: redis:alpine
655787
ports:
656788
- containerPort: 6379
@@ -685,7 +817,7 @@ spec:
685817
selector:
686818
app: redis-cart
687819
ports:
688-
- name: redis
820+
- name: tls-redis
689821
port: 6379
690822
targetPort: 6379
691823
---
@@ -704,9 +836,21 @@ spec:
704836
spec:
705837
serviceAccountName: default
706838
terminationGracePeriodSeconds: 5
839+
securityContext:
840+
fsGroup: 1000
841+
runAsGroup: 1000
842+
runAsNonRoot: true
843+
runAsUser: 1000
707844
containers:
708845
- name: server
709-
image: gcr.io/google-samples/microservices-demo/adservice:v0.3.8
846+
securityContext:
847+
allowPrivilegeEscalation: false
848+
capabilities:
849+
drop:
850+
- all
851+
privileged: false
852+
readOnlyRootFilesystem: true
853+
image: gcr.io/google-samples/microservices-demo/adservice:v0.3.9
710854
ports:
711855
- containerPort: 9555
712856
env:

0 commit comments

Comments
 (0)