From 78ab12ee7ac1c8814febff4c409c6779a489f790 Mon Sep 17 00:00:00 2001
From: sysdig
Date: Mon, 3 Oct 2022 13:56:04 +0000
Subject: [PATCH] * Sysdig - remediate p1monitor:p1monitor "SecurityContext.RunAsUser" for control "Container running as root"
---
charts/p1monitor/sysdig/kustomization.yaml | 8 ++++++++
...curityContext_runAsUser_for_workload_p1monitor.yaml | 10 ++++++++++
charts/p1monitor/sysdig/sysdig_helm.sh | 10 ++++++++++
3 files changed, 28 insertions(+)
create mode 100644 charts/p1monitor/sysdig/kustomization.yaml
create mode 100644 charts/p1monitor/sysdig/patches/1664805361_remediate_SecurityContext_runAsUser_for_workload_p1monitor.yaml
create mode 100644 charts/p1monitor/sysdig/sysdig_helm.sh
diff --git a/charts/p1monitor/sysdig/kustomization.yaml b/charts/p1monitor/sysdig/kustomization.yaml
new file mode 100644
index 0000000..bc14d5e
--- /dev/null
+++ b/charts/p1monitor/sysdig/kustomization.yaml
@@ -0,0 +1,8 @@
+resources:
+- all.yaml
+patches:
+- path: ./patches/1664805361_remediate_SecurityContext_runAsUser_for_workload_p1monitor.yaml
+ target:
+ kind: Deployment
+ name: p1monitor
+ namespace: p1monitor
diff --git a/charts/p1monitor/sysdig/patches/1664805361_remediate_SecurityContext_runAsUser_for_workload_p1monitor.yaml b/charts/p1monitor/sysdig/patches/1664805361_remediate_SecurityContext_runAsUser_for_workload_p1monitor.yaml
new file mode 100644
index 0000000..dba98ab
--- /dev/null
+++ b/charts/p1monitor/sysdig/patches/1664805361_remediate_SecurityContext_runAsUser_for_workload_p1monitor.yaml
@@ -0,0 +1,10 @@
+kind: .
+metadata:
+ name: .
+spec:
+ template:
+ spec:
+ containers:
+ - name: p1monitor
+ securityContext:
+ runAsUser: 12345
diff --git a/charts/p1monitor/sysdig/sysdig_helm.sh b/charts/p1monitor/sysdig/sysdig_helm.sh
new file mode 100644
index 0000000..6da2adb
--- /dev/null
+++ b/charts/p1monitor/sysdig/sysdig_helm.sh
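Review bot: The `target:` selector in kustomization.yaml pins `namespace: p1monitor`, which may never match what Helm feeds the post-renderer. Rendered manifests usually carry no `metadata.namespace` unless the chart template sets it (the chart is not visible here, so this needs confirming). As far as I know kustomize reports no error when a targeted patch matches nothing, so the release would install cleanly with the container still running as root. I would select on `kind: Deployment` and `name: p1monitor` only. Add a CI step that renders the chart through the post-renderer and fails if the Deployment lacks `runAsUser`.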
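Review bot: The container `securityContext` in the patch file sets only `runAsUser: 12345`, which changes the UID but does not make the non-root state enforced or complete. Without `runAsNonRoot: true` the kubelet will not reject a later override back to UID 0. Without `runAsGroup` the primary GID stays 0 per the Kubernetes documentation. Without `allowPrivilegeEscalation: false` a setuid binary in the image can still regain root. I would add `runAsNonRoot: true`, `runAsGroup: 12345` and `allowPrivilegeEscalation: false` next to `runAsUser`. Whether the p1monitor image can write its data paths as an arbitrary UID is not visible from this patch and should be checked before rollout.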
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# ============================================================================
+# Sysdig requires this file to apply remediation patches to your Helm chart.
+# Run "helm install --post-renderer=sysdig_helm.sh" to use Sysdig patches.
+# For more information, follow the link: https://docs.sysdig.com/en/docs/sysdig-secure
+# ============================================================================
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+cat <&0 > "$DIR"/all.yaml
+kustomize build "$DIR" && rm "$DIR"/all.yaml
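Review bot: The rendered release is written to a fixed `"$DIR"/all.yaml` and removed only when `kustomize build` succeeds. A failed build therefore leaves the full manifest stream, which can include Secret objects, in the chart directory with default permissions, and two concurrent helm runs would overwrite each other's input. The script also has no error handling, so if the `cd` in the `DIR=` line fails, `DIR` is empty and the `cat` targets `/all.yaml`. I would add `set -euo pipefail` and `umask 077` after the shebang, put `trap 'rm -f "$DIR/all.yaml"' EXIT` after the `DIR=` line, and drop the trailing `&& rm`. Separately, the file is created with mode 100644, while Helm expects the post-renderer to be executable, so the documented `helm install --post-renderer=sysdig_helm.sh` will likely fail until the mode is 100755.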