From bdb626f6179544eeb08203abe648e9d7e0ad01fb Mon Sep 17 00:00:00 2001
From: Shubham Chaudhary <shubham.chaudhary@mayadata.io>
Date: Wed, 7 Oct 2020 13:42:52 +0530
Subject: [PATCH] chore(securityContext): Adding securityContext in workflows
 (#344)

Signed-off-by: shubhamchaudhary <shubham.chaudhary@mayadata.io>
---
 workflows/kube-proxy-all/workflow.yaml              | 3 +++
 workflows/kube-proxy-all/workflow_cron.yaml         | 3 +++
 workflows/namespaced-scope-chaos/workflow.yaml      | 3 +++
 workflows/namespaced-scope-chaos/workflow_cron.yaml | 3 +++
 workflows/node-cpu-hog/workflow.yaml                | 3 +++
 workflows/node-cpu-hog/workflow_cron.yaml           | 3 +++
 workflows/node-memory-hog/workflow.yaml             | 3 +++
 workflows/node-memory-hog/workflow_cron.yaml        | 3 +++
 workflows/pod-cpu-hog/workflow.yaml                 | 3 +++
 workflows/pod-cpu-hog/workflow_cron.yaml            | 3 +++
 workflows/pod-delete/workflow.yaml                  | 3 +++
 workflows/pod-delete/workflow_cron.yaml             | 3 +++
 workflows/pod-memory-hog/workflow.yaml              | 3 +++
 workflows/pod-memory-hog/workflow_cron.yaml         | 3 +++
 14 files changed, 42 insertions(+)

diff --git a/workflows/kube-proxy-all/workflow.yaml b/workflows/kube-proxy-all/workflow.yaml
index b068817..755ce7e 100644
--- a/workflows/kube-proxy-all/workflow.yaml
+++ b/workflows/kube-proxy-all/workflow.yaml
@@ -6,6 +6,9 @@ metadata:
 spec:
   entrypoint: argowf-chaos
   serviceAccountName: argo-chaos
+  securityContext:
+    runAsUser: 1000
+    runAsNonRoot: true
   arguments:
     parameters:
       - name: adminModeNamespace
diff --git a/workflows/kube-proxy-all/workflow_cron.yaml b/workflows/kube-proxy-all/workflow_cron.yaml
index eb2a1d4..1bbba7a 100644
--- a/workflows/kube-proxy-all/workflow_cron.yaml
+++ b/workflows/kube-proxy-all/workflow_cron.yaml
@@ -10,6 +10,9 @@ spec:
   workflowSpec:
     entrypoint: argowf-chaos
     serviceAccountName: argo-chaos
+    securityContext:
+      runAsUser: 1000
+      runAsNonRoot: true
     arguments:
       parameters:
         - name: adminModeNamespace
diff --git a/workflows/namespaced-scope-chaos/workflow.yaml b/workflows/namespaced-scope-chaos/workflow.yaml
index a586ea0..7dd164f 100644
--- a/workflows/namespaced-scope-chaos/workflow.yaml
+++ b/workflows/namespaced-scope-chaos/workflow.yaml
@@ -5,6 +5,9 @@ metadata:
 spec:
   entrypoint: argowf-chaos
   serviceAccountName: argo-chaos
+  securityContext:
+    runAsUser: 1000
+    runAsNonRoot: true
   arguments:
     parameters:
       - name: adminModeNamespace
diff --git a/workflows/namespaced-scope-chaos/workflow_cron.yaml b/workflows/namespaced-scope-chaos/workflow_cron.yaml
index 265c49a..75a1d15 100644
--- a/workflows/namespaced-scope-chaos/workflow_cron.yaml
+++ b/workflows/namespaced-scope-chaos/workflow_cron.yaml
@@ -9,6 +9,9 @@ spec:
   workflowSpec:
     entrypoint: argowf-chaos
     serviceAccountName: argo-chaos
+    securityContext:
+      runAsUser: 1000
+      runAsNonRoot: true
     arguments:
       parameters:
         - name: adminModeNamespace
diff --git a/workflows/node-cpu-hog/workflow.yaml b/workflows/node-cpu-hog/workflow.yaml
index 191790d..9ae86ce 100644
--- a/workflows/node-cpu-hog/workflow.yaml
+++ b/workflows/node-cpu-hog/workflow.yaml
@@ -6,6 +6,9 @@ metadata:
 spec:
   entrypoint: argowf-chaos
   serviceAccountName: argo-chaos
+  securityContext:
+    runAsUser: 1000
+    runAsNonRoot: true
   arguments:
     parameters:
       - name: adminModeNamespace
diff --git a/workflows/node-cpu-hog/workflow_cron.yaml b/workflows/node-cpu-hog/workflow_cron.yaml
index 6e54c6f..9ce273e 100644
--- a/workflows/node-cpu-hog/workflow_cron.yaml
+++ b/workflows/node-cpu-hog/workflow_cron.yaml
@@ -10,6 +10,9 @@ spec:
   workflowSpec:
     entrypoint: argowf-chaos
     serviceAccountName: argo-chaos
+    securityContext:
+      runAsUser: 1000
+      runAsNonRoot: true
     arguments:
       parameters:
         - name: adminModeNamespace
diff --git a/workflows/node-memory-hog/workflow.yaml b/workflows/node-memory-hog/workflow.yaml
index d440ba6..99294e5 100644
--- a/workflows/node-memory-hog/workflow.yaml
+++ b/workflows/node-memory-hog/workflow.yaml
@@ -6,6 +6,9 @@ metadata:
 spec:
   entrypoint: argowf-chaos
   serviceAccountName: argo-chaos
+  securityContext:
+    runAsUser: 1000
+    runAsNonRoot: true
   arguments:
     parameters:
       - name: adminModeNamespace
diff --git a/workflows/node-memory-hog/workflow_cron.yaml b/workflows/node-memory-hog/workflow_cron.yaml
index 9c05902..e13333d 100644
--- a/workflows/node-memory-hog/workflow_cron.yaml
+++ b/workflows/node-memory-hog/workflow_cron.yaml
@@ -10,6 +10,9 @@ spec:
   workflowSpec:
     entrypoint: argowf-chaos
     serviceAccountName: argo-chaos
+    securityContext:
+      runAsUser: 1000
+      runAsNonRoot: true
     arguments:
       parameters:
         - name: adminModeNamespace
diff --git a/workflows/pod-cpu-hog/workflow.yaml b/workflows/pod-cpu-hog/workflow.yaml
index decd28f..fd41196 100644
--- a/workflows/pod-cpu-hog/workflow.yaml
+++ b/workflows/pod-cpu-hog/workflow.yaml
@@ -6,6 +6,9 @@ metadata:
 spec:
   entrypoint: argowf-chaos
   serviceAccountName: argo-chaos
+  securityContext:
+    runAsUser: 1000
+    runAsNonRoot: true
   arguments:
     parameters:
       - name: adminModeNamespace
diff --git a/workflows/pod-cpu-hog/workflow_cron.yaml b/workflows/pod-cpu-hog/workflow_cron.yaml
index 1cc29a1..922b162 100644
--- a/workflows/pod-cpu-hog/workflow_cron.yaml
+++ b/workflows/pod-cpu-hog/workflow_cron.yaml
@@ -10,6 +10,9 @@ spec:
   workflowSpec:
     entrypoint: argowf-chaos
     serviceAccountName: argo-chaos
+    securityContext:
+      runAsUser: 1000
+      runAsNonRoot: true
     arguments:
       parameters:
         - name: adminModeNamespace
diff --git a/workflows/pod-delete/workflow.yaml b/workflows/pod-delete/workflow.yaml
index 45c1f6c..5d5520f 100644
--- a/workflows/pod-delete/workflow.yaml
+++ b/workflows/pod-delete/workflow.yaml
@@ -6,6 +6,9 @@ metadata:
 spec:
   entrypoint: argowf-chaos
   serviceAccountName: argo-chaos
+  securityContext:
+    runAsUser: 1000
+    runAsNonRoot: true
   arguments:
     parameters:
       - name: adminModeNamespace
diff --git a/workflows/pod-delete/workflow_cron.yaml b/workflows/pod-delete/workflow_cron.yaml
index 872bd84..b89c284 100644
--- a/workflows/pod-delete/workflow_cron.yaml
+++ b/workflows/pod-delete/workflow_cron.yaml
@@ -10,6 +10,9 @@ spec:
   workflowSpec:
     entrypoint: argowf-chaos
     serviceAccountName: argo-chaos
+    securityContext:
+      runAsUser: 1000
+      runAsNonRoot: true
     arguments:
       parameters:
         - name: adminModeNamespace
diff --git a/workflows/pod-memory-hog/workflow.yaml b/workflows/pod-memory-hog/workflow.yaml
index c7b1220..f8c8571 100644
--- a/workflows/pod-memory-hog/workflow.yaml
+++ b/workflows/pod-memory-hog/workflow.yaml
@@ -6,6 +6,9 @@ metadata:
 spec:
   entrypoint: argowf-chaos
   serviceAccountName: argo-chaos
+  securityContext:
+    runAsUser: 1000
+    runAsNonRoot: true
   arguments:
     parameters:
       - name: adminModeNamespace
diff --git a/workflows/pod-memory-hog/workflow_cron.yaml b/workflows/pod-memory-hog/workflow_cron.yaml
index 6fc3237..e532bb7 100644
--- a/workflows/pod-memory-hog/workflow_cron.yaml
+++ b/workflows/pod-memory-hog/workflow_cron.yaml
@@ -10,6 +10,9 @@ spec:
   workflowSpec:
     entrypoint: argowf-chaos
     serviceAccountName: argo-chaos
+    securityContext:
+      runAsUser: 1000
+      runAsNonRoot: true
     arguments:
       parameters:
         - name: adminModeNamespace