jedcunningham commented on code in PR #31043:
URL: https://github.com/apache/airflow/pull/31043#discussion_r1212445164


##########
docs/helm-chart/production-guide.rst:
##########
@@ -331,35 +331,41 @@ In the Airflow Helm chart, the ``securityContext`` can be 
configured in several
 
   * :ref:`uid <parameters:Airflow>` (configures the global uid or RunAsUser)
   * :ref:`gid <parameters:Airflow>` (configures the global gid or fsGroup)
-  * :ref:`securityContext <parameters:Kubernetes>` (same as ``uid`` but allows 
for setting all `Pod securityContext options 
<https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core>`_)
-  * :ref:`securityContexts <parameters:Kubernetes>` (same as 
``securityContext`` with additional security context on the container level 
`Container securityContext options 
<https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core>`_)
+  * :ref:`securityContext <parameters:Kubernetes>` (deprecated, use 
``securityContexts`` instead.)
+  * :ref:`securityContexts <parameters:Kubernetes>` (same as ``uid`` but 
allows for setting all `Pod securityContext options 
<https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core>`_
 and `Container securityContext options 
<https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core>`_)
 
-The same way one can configure the global :ref:`securityContext 
<parameters:Kubernetes>`, it is also possible to configure different values for 
specific workloads by setting their local ``securityContext`` as follows:
+The same way one can configure the global :ref:`securityContexts 
<parameters:Kubernetes>`, it is also possible to configure different values for 
specific workloads by setting their local ``securityContexts`` as follows:
 
 .. code-block:: yaml
 
   workers:
     securityContext:
+    pod:
       runAsUser: 5000
       fsGroup: 0
+    containers:
+      allowPrivilegeEscalation: false
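
Review bot: In the YAML example the unchanged context line still reads ``securityContext:``, and the added ``pod:`` and ``containers:`` keys sit at the same indentation as it, so they parse as siblings of an empty ``securityContext`` under ``workers`` rather than as children of ``securityContexts``. The paragraph above now tells readers to set the local ``securityContexts``, so rename the key and indent ``pod:`` and ``containers:`` (with their values) one level beneath it; as written, a copy of this block does not place ``runAsUser``, ``fsGroup`` or ``allowPrivilegeEscalation: false`` under the key the text names.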

Review Comment:
   ```suggestion
       securityContexts:
         pod:
           runAsUser: 5000
           fsGroup: 0
         containers:
           allowPrivilegeEscalation: false
   ```
   
   Right?



##########
docs/helm-chart/production-guide.rst:
##########
@@ -331,35 +331,41 @@ In the Airflow Helm chart, the ``securityContext`` can be 
configured in several
 
   * :ref:`uid <parameters:Airflow>` (configures the global uid or RunAsUser)
   * :ref:`gid <parameters:Airflow>` (configures the global gid or fsGroup)
-  * :ref:`securityContext <parameters:Kubernetes>` (same as ``uid`` but allows 
for setting all `Pod securityContext options 
<https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core>`_)
-  * :ref:`securityContexts <parameters:Kubernetes>` (same as 
``securityContext`` with additional security context on the container level 
`Container securityContext options 
<https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core>`_)
+  * :ref:`securityContext <parameters:Kubernetes>` (deprecated, use 
``securityContexts`` instead.)
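
Review bot: The added ``securityContext`` bullet marks the key as deprecated but points its ``:ref:`` at the same ``parameters:Kubernetes`` target as the ``securityContexts`` bullet, and gives no hint of what happens when a values file still sets the old key. If the bullet is kept, say whether the old key is still honoured or ignored, so operators carrying it in existing values files know whether their ``runAsUser`` and ``fsGroup`` settings remain in effect; also drop the period inside the parenthesis to match the other bullets.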

Review Comment:
   ```suggestion
   ```
   
   We don't have to mention the old way :)



##########
docs/helm-chart/production-guide.rst:
##########
@@ -331,35 +331,41 @@ In the Airflow Helm chart, the ``securityContext`` can be 
configured in several
 
   * :ref:`uid <parameters:Airflow>` (configures the global uid or RunAsUser)
   * :ref:`gid <parameters:Airflow>` (configures the global gid or fsGroup)
-  * :ref:`securityContext <parameters:Kubernetes>` (same as ``uid`` but allows 
for setting all `Pod securityContext options 
<https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core>`_)
-  * :ref:`securityContexts <parameters:Kubernetes>` (same as 
``securityContext`` with additional security context on the container level 
`Container securityContext options 
<https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core>`_)
+  * :ref:`securityContext <parameters:Kubernetes>` (deprecated, use 
``securityContexts`` instead.)
+  * :ref:`securityContexts <parameters:Kubernetes>` (same as ``uid`` but 
allows for setting all `Pod securityContext options 
<https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#podsecuritycontext-v1-core>`_
 and `Container securityContext options 
<https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.18/#securitycontext-v1-core>`_)
 
-The same way one can configure the global :ref:`securityContext 
<parameters:Kubernetes>`, it is also possible to configure different values for 
specific workloads by setting their local ``securityContext`` as follows:
+The same way one can configure the global :ref:`securityContexts 
<parameters:Kubernetes>`, it is also possible to configure different values for 
specific workloads by setting their local ``securityContexts`` as follows:
 
 .. code-block:: yaml
 
   workers:
     securityContext:
+    pod:
       runAsUser: 5000
       fsGroup: 0
+    containers:
+      allowPrivilegeEscalation: false
 
-In the example above, the workers Pod ``securityContext`` will be set to 
``runAsUser: 5000`` and ``runAsGroup: 0``.
 
-As one can see, the local setting will take precedence over the global setting 
when defined. The following explains the precedence rule for 
``securityContext`` options in this chart:
+In the example above, the workers Pod ``securityContexts`` will be set to 
``runAsUser: 5000`` and ``runAsGroup: 0``.  The containers pod will be set to 
``allowPrivilegeEscalation: false``.
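
Review bot: In the added sentence, "The containers pod will be set to ``allowPrivilegeEscalation: false``" mixes the two levels this change is meant to separate: the example sets ``allowPrivilegeEscalation`` under ``containers:``, so say that the workers' containers get it, not a pod. The same sentence keeps ``runAsGroup: 0`` although the example sets ``fsGroup: 0``, and the removed line introducing the precedence rule for ``securityContext`` options has no replacement in the lines shown, so check that the list which follows still has a lead-in.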

Review Comment:
   ```suggestion
   In the example above, the workers Pod ``securityContexts`` will be set to 
``runAsUser: 5000`` and ``fsGroup: 0``.  The containers pod will be set to 
``allowPrivilegeEscalation: false``.
   
   Existing error! Oops!
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
