Aakcht commented on code in PR #31865:
URL: https://github.com/apache/airflow/pull/31865#discussion_r1237918564
##########
chart/templates/statsd/statsd-deployment.yaml:
##########
@@ -89,7 +88,7 @@ spec:
- name: statsd
image: {{ template "statsd_image" . }}
imagePullPolicy: {{ .Values.images.statsd.pullPolicy }}
- securityContext: {{ $containerSecurityContext | nindent 12 }}
+ securityContext: {{- toYaml
.Values.statsd.securityContexts.container | nindent 12 }}
Review Comment:
@jedcunningham actually this line is not present at all in the latest helm
chart release, it was added in #31043, see
https://github.com/apache/airflow/pull/31043/files#diff-9afea6c64dc71d0fab91a1761ff0b2a9334a6751f5a2026c6d0ba7f57ac47ea1R92
- so I don't think there'll be any issues with backwards compatibility. Or do
you think I should add something like the logic
`<node>.securityContexts.container -> allowPrivilegesEscalation: false,
capabilities.drop: [ALL]` anyway?
Actually thinking about it adding the logic of
`<node>.securityContexts.container -> allowPrivilegesEscalation: false,
capabilities.drop: [ALL]` looks like a good idea, just to be in line with the
other containers of the chart that also add `allowPrivilegesEscalation: false,
capabilities.drop: [ALL]` by default to be compliant with restricted pod
security standards.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
