Add specific securityContext for containers in OpenShift environment. (#3693)

jshum2479 · rjeberhard · web-flow · commit 1b2f1ee1b933 · 2022-11-22T13:40:53.000-05:00
* Add specific securityContext for containers in OpenShift environment.

* Update _operator-dep.tpl

Co-authored-by: Ryan Eberhard &lt;ryan.eberhard@oracle.com&gt;
diff --git a/kubernetes/charts/weblogic-operator/templates/_operator-dep.tpl b/kubernetes/charts/weblogic-operator/templates/_operator-dep.tpl
@@ -106,6 +106,15 @@ spec:
             {{- if .memoryLimits}}
             memory: {{ .memoryLimits }}
             {{- end }}
+        {{- if (eq ( .kubernetesPlatform | default "Generic" ) "OpenShift") }}
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop: ["ALL"]
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+        {{- end }}            
         volumeMounts:
         - name: "weblogic-operator-cm-volume"
           mountPath: "/deployment/config"
@@ -306,6 +315,15 @@ spec:
                 {{- if .memoryLimits}}
                 memory: {{ .memoryLimits }}
                 {{- end }}
+            {{- if (eq ( .kubernetesPlatform | default "Generic") "OpenShift") }}
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                 drop: ["ALL"]
+              runAsNonRoot: true
+              seccompProfile:
+                type: RuntimeDefault
+            {{- end }}
             volumeMounts:
             - name: "weblogic-webhook-cm-volume"
               mountPath: "/deployment/config"
