Skip to content

Commit

Permalink
feat(HelmChart): Configurable securityContext in Pods (apache#20509)
Browse files Browse the repository at this point in the history
* feat(Helm Chart): add customizable securityContext

* build(Helm Chart): bump Chart to 0.6.4

* feat(Helm Chart): add support for securityContext
  • Loading branch information
miloszbednarzak authored Jul 5, 2022
1 parent 94b3d2f commit 1a80668
Show file tree
Hide file tree
Showing 7 changed files with 29 additions and 1 deletion.
2 changes: 1 addition & 1 deletion helm/superset/Chart.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ maintainers:
- name: craig-rueda
email: [email protected]
url: https://github.com/craig-rueda
version: 0.6.3
version: 0.6.4
dependencies:
- name: postgresql
version: 11.1.22
Expand Down
3 changes: 3 additions & 0 deletions helm/superset/templates/deployment-beat.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,9 @@ spec:
{{- end }}
securityContext:
runAsUser: {{ .Values.runAsUser }}
{{- if .Values.supersetCeleryBeat.securityContext }}
{{ toYaml .Values.supersetCeleryBeat.securityContext | nindent 8 }}
{{- end }}
{{- if .Values.supersetCeleryBeat.initContainers }}
initContainers:
{{- tpl (toYaml .Values.supersetCeleryBeat.initContainers) . | nindent 6 }}
Expand Down
3 changes: 3 additions & 0 deletions helm/superset/templates/deployment-worker.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,9 @@ spec:
{{- end }}
securityContext:
runAsUser: {{ .Values.runAsUser }}
{{- if .Values.supersetWorker.securityContext }}
{{ toYaml .Values.supersetWorker.securityContext | nindent 8 }}
{{- end }}
{{- if .Values.supersetWorker.initContainers }}
initContainers:
{{- tpl (toYaml .Values.supersetWorker.initContainers) . | nindent 6 }}
Expand Down
3 changes: 3 additions & 0 deletions helm/superset/templates/deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -65,6 +65,9 @@ spec:
{{- end }}
securityContext:
runAsUser: {{ .Values.runAsUser }}
{{- if .Values.supersetNode.securityContext }}
{{ toYaml .Values.supersetNode.securityContext | nindent 8 }}
{{- end }}
{{- if .Values.supersetNode.initContainers }}
initContainers:
{{- tpl (toYaml .Values.supersetNode.initContainers) . | nindent 6 }}
Expand Down
3 changes: 3 additions & 0 deletions helm/superset/templates/init-job.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,9 @@ spec:
{{- end }}
securityContext:
runAsUser: {{ .Values.runAsUser }}
{{- if .Values.init.securityContext }}
{{ toYaml .Values.init.securityContext | nindent 8 }}
{{- end }}
{{- if .Values.init.initContainers }}
initContainers:
{{- tpl (toYaml .Values.init.initContainers) . | nindent 6 }}
Expand Down
12 changes: 12 additions & 0 deletions helm/superset/values.schema.json
Original file line number Diff line number Diff line change
Expand Up @@ -278,6 +278,9 @@
},
"resources": {
"type": "object"
},
"securityContext": {
"type": "object"
}
},
"required": [
Expand Down Expand Up @@ -311,6 +314,9 @@
},
"resources": {
"type": "object"
},
"securityContext": {
"type": "object"
}
},
"required": [
Expand Down Expand Up @@ -345,6 +351,9 @@
},
"resources": {
"type": "object"
},
"securityContext": {
"type": "object"
}
},
"required": [
Expand Down Expand Up @@ -408,6 +417,9 @@
},
"podAnnotations": {
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.23.0/_definitions.json##/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations"
},
"securityContext": {
"type": "object"
}
},
"required": [
Expand Down
4 changes: 4 additions & 0 deletions helm/superset/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -263,6 +263,7 @@ supersetNode:
# requests:
# cpu: 100m
# memory: 128Mi
securityContext: {}
##
## Superset worker configuration
supersetWorker:
Expand Down Expand Up @@ -293,6 +294,7 @@ supersetWorker:
# requests:
# cpu: 100m
# memory: 128Mi
securityContext: {}
##
## Superset beat configuration (to trigger scheduled jobs like reports)
supersetCeleryBeat:
Expand Down Expand Up @@ -325,6 +327,7 @@ supersetCeleryBeat:
# requests:
# cpu: 100m
# memory: 128Mi
securityContext: {}
##
## Init job configuration
init:
Expand Down Expand Up @@ -388,6 +391,7 @@ init:
fi
## Annotations to be added to init job pods
podAnnotations: {}
securityContext: {}
##
## Configuration values for the postgresql dependency.
## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md
Expand Down

0 comments on commit 1a80668

Please sign in to comment.