Aakcht commented on PR #31865: URL: https://github.com/apache/airflow/pull/31865#issuecomment-1602264537
@jedcunningham , I updated the PR, please take a look. I'm not sure about backward compatibility, since container security context for redis/statsd wasn't even there in the latest helm chart release. So in the latest release `statsd.securityContext` wasn't going to end up in statsd container security context. In fact, it is even true for the current dev version, see: https://github.com/apache/airflow/blob/main/chart/templates/_helpers.yaml#L842 . So by current logic in main branch `statsd.securityContext` does not affect statsd container security context in any way. However I added default container security context as `allowPrivilegesEscalation: false, capabilities.drop: [ALL]` for redis/statsd, so it should cover people who took the dev version and deployed it with default parameters to kubernetes with restricted PSS - in this case it still should be working for them P.S. Pretty sure check fails are not related to this PR - I'll rebase the PR if I see that it's fixed in main. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
