Merge pull request #9 from gregsymons/INF-2060/INF-2266-pod-security-…

…policy Add ability to specify Pod security context to kafka and zookeeper
affinipay · Jan 10, 2020 · 4cbf7e3 · 4cbf7e3
2 parents adb28ea + cd85626
commit 4cbf7e3
Show file tree

Hide file tree

Showing 4 changed files with 26 additions and 0 deletions.
diff --git a/charts/cp-kafka/templates/statefulset.yaml b/charts/cp-kafka/templates/statefulset.yaml
@@ -168,6 +168,10 @@ spec:
       tolerations:
 {{ toYaml .Values.tolerations | indent 8 }}
       {{- end }}
+      {{- if .Values.securityContext.enabled }}
+      securityContext:
+{{ toYaml .Values.securityContext.spec | indent 8 }}
+      {{- end }}
   {{- if .Values.persistence.enabled }}
   volumeClaimTemplates:
   {{- $disksPerBroker := .Values.persistence.disksPerBroker | int }}

diff --git a/charts/cp-kafka/values.yaml b/charts/cp-kafka/values.yaml
@@ -101,6 +101,15 @@ podAnnotations: {}
 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
 nodeSelector: {}
 
+## Whether or not to apply a security context to the StatefulSet pods, and the specification
+## of that security context.
+securityContext:
+  enabled: false
+  spec:
+    runAsUser: 5000
+    runAsGroup: 5000
+    fsGroup: 5000
+
 ## Taints to tolerate on node assignment:
 ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 tolerations: {}

diff --git a/charts/cp-zookeeper/templates/statefulset.yaml b/charts/cp-zookeeper/templates/statefulset.yaml
@@ -155,6 +155,10 @@ spec:
       tolerations:
 {{ toYaml .Values.tolerations | indent 8 }}
       {{- end }}
+      {{- if .Values.securityContext.enabled }}
+      securityContext:
+{{ toYaml .Values.securityContext.spec | indent 8 }}
+      {{- end }}
   {{- if .Values.persistence.enabled }}
   volumeClaimTemplates:
   - metadata:

diff --git a/charts/cp-zookeeper/values.yaml b/charts/cp-zookeeper/values.yaml
@@ -99,6 +99,15 @@ headlessServiceAnnotations: {}
 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
 nodeSelector: {}
 
+## Whether or not to apply a security context to the StatefulSet pods, and the specification
+## of that security context.
+securityContext:
+  enabled: false
+  spec:
+    runAsUser: 5000
+    runAsGroup: 5000
+    fsGroup: 5000
+
 ## Taints to tolerate on node assignment:
 ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 tolerations: {}