[GitHub] [airflow] jedcunningham commented on a change in pull request #18249: Add support for securityContext per deployment

Tue, 05 Oct 2021 13:42:29 -0700 


jedcunningham commented on a change in pull request #18249:
URL: https://github.com/apache/airflow/pull/18249#discussion_r722672775



##########
File path: chart/templates/_helpers.yaml
##########
@@ -610,3 +610,62 @@ Create the name of the cleanup service account to use
   {{- end -}}
   {{- $kubeVersion -}}
 {{- end -}}
+
+{{/*
+Set the default podsecurity.securityContext
+If no value is passed, defaults to .Values.uid and .Values.gid
+This function is required fr backwards compatibility
+*/}}
+{{- define "defaultSecurityContext" -}}
+{{- if .Values.podSecurity.securityContext -}}
+  {{ .Values.podSecurity.securityContext | toJson }}
+{{- else -}}
+  {{- $result := dict "runAsUser" .Values.uid "fsGroup" .Values.gid }}
+  {{- $result | toJson }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Set the default podsecurity.securityContext
+If no value is passed, defaults to .Values.uid and .Values.gid
+This function is required fr backwards compatibility
+*/}}
+{{- define "defaultContainerSecurityContext" -}}
+{{- if .Values.podSecurity.containerSecurityContext -}}
+{{ .Values.podSecurity.containerSecurityContext | toJson }}
+{{- else -}}
+  {{- $result := dict "runAsUser" .Values.uid "runAsGroup" .Values.gid }}
+  {{- $result | toJson }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+For gitSync and statsD, we use their respectice uid properties as fallback
+*/}}
+{{- define "gitSyncContainerSecurityContext" -}}
+{{- if .Values.dags.gitSync.containerSecurityContext -}}
+  {{ .Values.dags.gitSync.containerSecurityContext | toYaml }}
+{{- else if .Values.podSecurity.containerSecurityContext -}}
+  {{ .Values.podSecurity.containerSecurityContext | toYaml }}
+{{- else -}}
+runAsUser: {{ .Values.dags.gitSync.uid }}
+{{- end -}}
+{{- end -}}
+
+{{- define "statsdSecurityContext" -}}
+{{- if .Values.podSecurity.securityContext -}}
+  {{ .Values.podSecurity.securityContext | toJson }}
+{{- else -}}
+  {{- $result := dict "runAsUser" .Values.statsd.uid }}
+  {{- $result | toJson }}

Review comment:
       Fair enough, makes sense, I should have known it wasn't as simple as it 
seemed 👍




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to