This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 92cc2ffd86 Add securityContexts in dagProcessor.logGroomerSidecar
(#34499)
92cc2ffd86 is described below
commit 92cc2ffd863b8925ed785d5e8b02ac38488e835e
Author: Aldwyn Cabarrubias <[email protected]>
AuthorDate: Wed Nov 29 11:00:28 2023 +0800
Add securityContexts in dagProcessor.logGroomerSidecar (#34499)
---------
Co-authored-by: Elad Kalif <[email protected]>
---
chart/templates/dag-processor/dag-processor-deployment.yaml | 2 ++
chart/values.yaml | 2 ++
helm_tests/security/test_security_context.py | 2 ++
3 files changed, 6 insertions(+)
diff --git a/chart/templates/dag-processor/dag-processor-deployment.yaml
b/chart/templates/dag-processor/dag-processor-deployment.yaml
index 24da3fca8e..28a2dc0a30 100644
--- a/chart/templates/dag-processor/dag-processor-deployment.yaml
+++ b/chart/templates/dag-processor/dag-processor-deployment.yaml
@@ -29,6 +29,7 @@
{{- $revisionHistoryLimit := or .Values.dagProcessor.revisionHistoryLimit
.Values.revisionHistoryLimit }}
{{- $securityContext := include "airflowPodSecurityContext" (list .
.Values.dagProcessor) }}
{{- $containerSecurityContext := include "containerSecurityContext" (list .
.Values.dagProcessor) }}
+{{- $containerSecurityContextLogGroomerSidecar := include
"containerSecurityContext" (list . .Values.dagProcessor.logGroomerSidecar) }}
{{- $containerSecurityContextWaitForMigrations := include
"containerSecurityContext" (list . .Values.dagProcessor.waitForMigrations) }}
{{- $containerLifecycleHooks := or
.Values.dagProcessor.containerLifecycleHooks .Values.containerLifecycleHooks }}
apiVersion: apps/v1
@@ -198,6 +199,7 @@ spec:
resources: {{- toYaml
.Values.dagProcessor.logGroomerSidecar.resources | nindent 12 }}
image: {{ template "airflow_image" . }}
imagePullPolicy: {{ .Values.images.airflow.pullPolicy }}
+ securityContext: {{ $containerSecurityContextLogGroomerSidecar |
nindent 12 }}
{{- if .Values.dagProcessor.logGroomerSidecar.command }}
command: {{ tpl (toYaml
.Values.dagProcessor.logGroomerSidecar.command) . | nindent 12 }}
{{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
index 4e62390473..763d824837 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -1666,6 +1666,8 @@ dagProcessor:
# requests:
# cpu: 100m
# memory: 128Mi
+ securityContexts:
+ container: {}
waitForMigrations:
# Whether to create init container to wait for db migrations
diff --git a/helm_tests/security/test_security_context.py
b/helm_tests/security/test_security_context.py
index 8a51f62e67..c6f8f8ce79 100644
--- a/helm_tests/security/test_security_context.py
+++ b/helm_tests/security/test_security_context.py
@@ -322,10 +322,12 @@ class TestSecurityContext:
values={
"scheduler": {**spec},
"workers": {**spec},
+ "dagProcessor": {**spec},
},
show_only=[
"templates/scheduler/scheduler-deployment.yaml",
"templates/workers/worker-deployment.yaml",
+ "templates/dag-processor/dag-processor-deployment.yaml",
],
)
