From 1a806687fc75c5ed4f561ece1264149e37dd7df3 Mon Sep 17 00:00:00 2001
From: Milosz Bednarzak <33376065+miloszbednarzak@users.noreply.github.com>
Date: Tue, 5 Jul 2022 21:14:35 +0200
Subject: [PATCH] feat(HelmChart): Configurable securityContext in Pods (#20509)
* feat(Helm Chart): add customizable securityContext
* build(Helm Chart): bump Chart to 0.6.4
* feat(Helm Chart): add support for securityContext
---
 helm/superset/Chart.yaml | 2 +-
 helm/superset/templates/deployment-beat.yaml | 3 +++
 helm/superset/templates/deployment-worker.yaml | 3 +++
 helm/superset/templates/deployment.yaml | 3 +++
 helm/superset/templates/init-job.yaml | 3 +++
 helm/superset/values.schema.json | 12 ++++++++++++
 helm/superset/values.yaml | 4 ++++
 7 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/helm/superset/Chart.yaml b/helm/superset/Chart.yaml
index 16c59869dfb46..1459ae511ff2b 100644
--- a/helm/superset/Chart.yaml
+++ b/helm/superset/Chart.yaml
@@ -22,7 +22,7 @@ maintainers:
 - name: craig-rueda
 email: craig@craigrueda.com
 url: https://github.com/craig-rueda
-version: 0.6.3
+version: 0.6.4
 dependencies:
 - name: postgresql
 version: 11.1.22
diff --git a/helm/superset/templates/deployment-beat.yaml b/helm/superset/templates/deployment-beat.yaml
index 5587dcf343eb3..cb217d3cfbf7f 100644
--- a/helm/superset/templates/deployment-beat.yaml
+++ b/helm/superset/templates/deployment-beat.yaml
@@ -64,6 +64,9 @@ spec:
 {{- end }}
 securityContext:
 runAsUser: {{ .Values.runAsUser }}
+ {{- if .Values.supersetCeleryBeat.securityContext }}
+ {{ toYaml .Values.supersetCeleryBeat.securityContext | nindent 8 }}
+ {{- end }}
 {{- if .Values.supersetCeleryBeat.initContainers }}
 initContainers:
 {{- tpl (toYaml .Values.supersetCeleryBeat.initContainers) . | nindent 6 }}
diff --git a/helm/superset/templates/deployment-worker.yaml b/helm/superset/templates/deployment-worker.yaml
index 54eb5d87517e4..2d7474cacb2ce 100644
--- a/helm/superset/templates/deployment-worker.yaml
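Review bot: The per-component map is appended under a `securityContext:` that already emits `runAsUser: {{ .Values.runAsUser }}`, so a user who sets `supersetCeleryBeat.securityContext.runAsUser` gets that key rendered twice in the same mapping. Duplicate keys are invalid YAML and parsers disagree on them (hard error versus last value wins), so the UID the pod ends up with is not something the chart defines. Emit the global line only when the override lacks it, for example by wrapping it in `{{- if not (hasKey (.Values.supersetCeleryBeat.securityContext | default dict) "runAsUser") }}` … `{{- end }}`, and write the include as `{{- toYaml .Values.supersetCeleryBeat.securityContext | nindent 8 }}` so no whitespace-only line is left ahead of the `nindent` newline. The same pattern is added in the deployment-worker.yaml, deployment.yaml and init-job.yaml hunks; the pod spec itself starts and ends outside the hunk.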
+++ b/helm/superset/templates/deployment-worker.yaml
@@ -62,6 +62,9 @@ spec:
 {{- end }}
 securityContext:
 runAsUser: {{ .Values.runAsUser }}
+ {{- if .Values.supersetWorker.securityContext }}
+ {{ toYaml .Values.supersetWorker.securityContext | nindent 8 }}
+ {{- end }}
 {{- if .Values.supersetWorker.initContainers }}
 initContainers:
 {{- tpl (toYaml .Values.supersetWorker.initContainers) . | nindent 6 }}
diff --git a/helm/superset/templates/deployment.yaml b/helm/superset/templates/deployment.yaml
index 4d3a42e8e20a7..d838fb964bbb7 100644
--- a/helm/superset/templates/deployment.yaml
+++ b/helm/superset/templates/deployment.yaml
@@ -65,6 +65,9 @@ spec:
 {{- end }}
 securityContext:
 runAsUser: {{ .Values.runAsUser }}
+ {{- if .Values.supersetNode.securityContext }}
+ {{ toYaml .Values.supersetNode.securityContext | nindent 8 }}
+ {{- end }}
 {{- if .Values.supersetNode.initContainers }}
 initContainers:
 {{- tpl (toYaml .Values.supersetNode.initContainers) . | nindent 6 }}
diff --git a/helm/superset/templates/init-job.yaml b/helm/superset/templates/init-job.yaml
index 483ced8d3702b..8d48f040f2727 100644
--- a/helm/superset/templates/init-job.yaml
+++ b/helm/superset/templates/init-job.yaml
@@ -36,6 +36,9 @@ spec:
 {{- end }}
 securityContext:
 runAsUser: {{ .Values.runAsUser }}
+ {{- if .Values.init.securityContext }}
+ {{ toYaml .Values.init.securityContext | nindent 8 }}
+ {{- end }}
 {{- if .Values.init.initContainers }}
 initContainers:
 {{- tpl (toYaml .Values.init.initContainers) . | nindent 6 }}
diff --git a/helm/superset/values.schema.json b/helm/superset/values.schema.json
index 6c4359a0ff940..4101d73c8522a 100644
--- a/helm/superset/values.schema.json
+++ b/helm/superset/values.schema.json
@@ -278,6 +278,9 @@
 },
 "resources": {
 "type": "object"
+ },
+ "securityContext": {
+ "type": "object"
 }
 },
 "required": [
@@ -311,6 +314,9 @@
 },
 "resources": {
 "type": "object"
+ },
+ "securityContext": {
+ "type": "object"
 }
 },
 "required": [
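Review bot: The new `"securityContext": { "type": "object" }` entry accepts any keys, so a container-only setting such as `allowPrivilegeEscalation` or `capabilities` placed here passes schema validation. The templates appear to render this value into the pod-level `securityContext` (it sits beside `runAsUser` and ahead of `initContainers`), where those fields are not part of the API type, so a hardening setting put in the wrong place is caught late or not at all. The `podAnnotations` entry in this file already uses a `$ref` into the Kubernetes `_definitions.json`; pointing `securityContext` at the `io.k8s.api.core.v1.PodSecurityContext` definition from that same file would reject such a value at lint or install time. This applies to all four schema hunks (-278, -311, -345 and -408).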
@@ -345,6 +351,9 @@
 },
 "resources": {
 "type": "object"
+ },
+ "securityContext": {
+ "type": "object"
 }
 },
 "required": [
@@ -408,6 +417,9 @@
 },
 "podAnnotations": {
 "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.23.0/_definitions.json##/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations"
+ },
+ "securityContext": {
+ "type": "object"
 }
 },
 "required": [
diff --git a/helm/superset/values.yaml b/helm/superset/values.yaml
index 197ec4b3c6e70..bd04ba99a8f3c 100644
--- a/helm/superset/values.yaml
+++ b/helm/superset/values.yaml
@@ -263,6 +263,7 @@ supersetNode:
 # requests:
 # cpu: 100m
 # memory: 128Mi
+ securityContext: {}
 ##
 ## Superset worker configuration
 supersetWorker:
@@ -293,6 +294,7 @@ supersetWorker:
 # requests:
 # cpu: 100m
 # memory: 128Mi
+ securityContext: {}
 ##
 ## Superset beat configuration (to trigger scheduled jobs like reports)
 supersetCeleryBeat:
@@ -325,6 +327,7 @@ supersetCeleryBeat:
 # requests:
 # cpu: 100m
 # memory: 128Mi
+ securityContext: {}
 ##
 ## Init job configuration
 init:
@@ -388,6 +391,7 @@ init:
 fi
 ## Annotations to be added to init job pods
 podAnnotations: {}
+ securityContext: {}
 ##
 ## Configuration values for the postgresql dependency.
 ## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md
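Review bot: The new `securityContext: {}` keys under `supersetNode`, `supersetWorker`, `supersetCeleryBeat` and `init` have no comment, while the `podAnnotations` key just above the last of them does. Nothing tells an operator that the value is rendered into the pod-level securityContext after the chart-wide `runAsUser`, or that container-scoped fields are not accepted at that level. I would add above each key a line such as `## Pod-level securityContext (PodSecurityContext), appended after the global runAsUser; container-only fields such as capabilities or allowPrivilegeEscalation do not belong here`. The empty default means the chart sets nothing beyond `runAsUser` unless the operator opts in, which is worth stating in the same comment.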