Skip to content

Commit 666b229

Browse files
Integrating new --patch-templates for score-compose init and score-k8s init (#176)
* Update score.yaml * score-* init --patch-templates * No more kubectl patch * Update score.yaml - rollback tests
1 parent e2a232c commit 666b229

File tree

1 file changed

+7
-11
lines changed

1 file changed

+7
-11
lines changed

Makefile

Lines changed: 7 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -17,13 +17,13 @@ CONTAINER_IMAGE = ${WORKLOAD_NAME}:test
1717

1818
.score-compose/state.yaml:
1919
score-compose init \
20-
--no-sample
20+
--no-sample \
21+
--patch-templates https://raw.githubusercontent.com/score-spec/community-patchers/refs/heads/main/score-compose/unprivileged.tpl
2122

2223
compose.yaml: score/score.yaml .score-compose/state.yaml Makefile
2324
score-compose generate score/score.yaml \
2425
--build '${CONTAINER_NAME}={"context":"app/","tags":["${CONTAINER_IMAGE}"]}' \
2526
--override-property containers.${CONTAINER_NAME}.variables.MESSAGE="Hello, Compose!"
26-
echo '{"services":{"${WORKLOAD_NAME}-${CONTAINER_NAME}":{"read_only":"true","user":"65532","cap_drop":["ALL"]}}}' | yq e -P > compose.override.yaml
2727

2828
## Generate a compose.yaml file from the score spec and launch it.
2929
.PHONY: compose-up
@@ -43,15 +43,15 @@ compose-down:
4343

4444
.score-k8s/state.yaml:
4545
score-k8s init \
46-
--no-sample
46+
--no-sample \
47+
--patch-templates https://raw.githubusercontent.com/score-spec/community-patchers/refs/heads/main/score-k8s/unprivileged.tpl \
48+
--patch-templates https://raw.githubusercontent.com/score-spec/community-patchers/refs/heads/main/score-k8s/service-account.tpl
49+
4750

4851
manifests.yaml: score/score.yaml .score-k8s/state.yaml Makefile
4952
score-k8s generate score/score.yaml \
5053
--image ${CONTAINER_IMAGE} \
51-
--override-property containers.${CONTAINER_NAME}.variables.MESSAGE="Hello, Kubernetes!" \
52-
--patch-manifests 'Deployment/*/spec.template.spec.automountServiceAccountToken=false' \
53-
--patch-manifests 'Deployment/*/spec.template.spec.securityContext={"fsGroup":65532,"runAsGroup":65532,"runAsNonRoot":true,"runAsUser":65532,"seccompProfile":{"type":"RuntimeDefault"}}'
54-
echo '{"spec":{"template":{"spec":{"containers":[{"name":"${CONTAINER_NAME}","securityContext":{"allowPrivilegeEscalation":false,"privileged": false,"readOnlyRootFilesystem": true,"capabilities":{"drop":["ALL"]}}}]}}}}' > deployment-patch.yaml
54+
--override-property containers.${CONTAINER_NAME}.variables.MESSAGE="Hello, Kubernetes!"
5555

5656
## Create a local Kind cluster.
5757
.PHONY: kind-create-cluster
@@ -70,10 +70,6 @@ k8s-up: manifests.yaml
7070
kubectl apply \
7171
-f manifests.yaml \
7272
-n ${NAMESPACE}
73-
kubectl patch \
74-
deployment ${WORKLOAD_NAME} \
75-
--patch-file deployment-patch.yaml \
76-
-n ${NAMESPACE}
7773
kubectl wait deployments/${WORKLOAD_NAME} \
7874
-n ${NAMESPACE} \
7975
--for condition=Available \

0 commit comments

Comments
 (0)