This is an automated email from the ASF dual-hosted git repository.
craigrueda pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/superset.git
The following commit(s) were added to refs/heads/master by this push:
new ae306d6d1f feat(HelmChart): Add securityContext on pod level (#20666)
ae306d6d1f is described below
commit ae306d6d1f76d6437e640c649e6a4c4e8b3060cb
Author: Milosz Bednarzak <[email protected]>
AuthorDate: Mon Jul 11 17:30:17 2022 +0200
feat(HelmChart): Add securityContext on pod level (#20666)
* feat(HelmChart): securityContext - container level
* build(helmchart): bump chart to 0.6.5
---
helm/superset/Chart.yaml | 2 +-
helm/superset/templates/deployment-beat.yaml | 7 +++++--
helm/superset/templates/deployment-worker.yaml | 7 +++++--
helm/superset/templates/deployment.yaml | 7 +++++--
helm/superset/templates/init-job.yaml | 7 +++++--
helm/superset/values.schema.json | 20 ++++++++++++++++----
helm/superset/values.yaml | 12 ++++++++----
7 files changed, 45 insertions(+), 17 deletions(-)
diff --git a/helm/superset/Chart.yaml b/helm/superset/Chart.yaml
index 1459ae511f..e76c94e0af 100644
--- a/helm/superset/Chart.yaml
+++ b/helm/superset/Chart.yaml
@@ -22,7 +22,7 @@ maintainers:
- name: craig-rueda
email: [email protected]
url: https://github.com/craig-rueda
-version: 0.6.4
+version: 0.6.5
dependencies:
- name: postgresql
version: 11.1.22
diff --git a/helm/superset/templates/deployment-beat.yaml
b/helm/superset/templates/deployment-beat.yaml
index cb217d3cfb..31840f1484 100644
--- a/helm/superset/templates/deployment-beat.yaml
+++ b/helm/superset/templates/deployment-beat.yaml
@@ -64,8 +64,8 @@ spec:
{{- end }}
securityContext:
runAsUser: {{ .Values.runAsUser }}
- {{- if .Values.supersetCeleryBeat.securityContext }}
- {{ toYaml .Values.supersetCeleryBeat.securityContext | nindent 8 }}
+ {{- if .Values.supersetCeleryBeat.podSecurityContext }}
+ {{ toYaml .Values.supersetCeleryBeat.podSecurityContext | nindent 8 }}
{{- end }}
{{- if .Values.supersetCeleryBeat.initContainers }}
initContainers:
@@ -78,6 +78,9 @@ spec:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.supersetCeleryBeat.containerSecurityContext }}
+ securityContext: {{ toYaml
.Values.supersetCeleryBeat.containerSecurityContext | nindent 12 }}
+ {{- end }}
command: {{ tpl (toJson .Values.supersetCeleryBeat.command) . }}
env:
- name: "SUPERSET_PORT"
diff --git a/helm/superset/templates/deployment-worker.yaml
b/helm/superset/templates/deployment-worker.yaml
index 2d7474cacb..74c0fae99e 100644
--- a/helm/superset/templates/deployment-worker.yaml
+++ b/helm/superset/templates/deployment-worker.yaml
@@ -62,8 +62,8 @@ spec:
{{- end }}
securityContext:
runAsUser: {{ .Values.runAsUser }}
- {{- if .Values.supersetWorker.securityContext }}
- {{ toYaml .Values.supersetWorker.securityContext | nindent 8 }}
+ {{- if .Values.supersetWorker.podSecurityContext }}
+ {{ toYaml .Values.supersetWorker.podSecurityContext | nindent 8 }}
{{- end }}
{{- if .Values.supersetWorker.initContainers }}
initContainers:
@@ -76,6 +76,9 @@ spec:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.supersetWorker.containerSecurityContext }}
+ securityContext: {{ toYaml
.Values.supersetWorker.containerSecurityContext | nindent 12 }}
+ {{- end }}
command: {{ tpl (toJson .Values.supersetWorker.command) . }}
env:
- name: "SUPERSET_PORT"
diff --git a/helm/superset/templates/deployment.yaml
b/helm/superset/templates/deployment.yaml
index d838fb964b..75156d8285 100644
--- a/helm/superset/templates/deployment.yaml
+++ b/helm/superset/templates/deployment.yaml
@@ -65,8 +65,8 @@ spec:
{{- end }}
securityContext:
runAsUser: {{ .Values.runAsUser }}
- {{- if .Values.supersetNode.securityContext }}
- {{ toYaml .Values.supersetNode.securityContext | nindent 8 }}
+ {{- if .Values.supersetNode.podSecurityContext }}
+ {{ toYaml .Values.supersetNode.podSecurityContext | nindent 8 }}
{{- end }}
{{- if .Values.supersetNode.initContainers }}
initContainers:
@@ -79,6 +79,9 @@ spec:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.supersetNode.containerSecurityContext }}
+ securityContext: {{ toYaml
.Values.supersetNode.containerSecurityContext | nindent 12 }}
+ {{- end }}
command: {{ tpl (toJson .Values.supersetNode.command) . }}
env:
- name: "SUPERSET_PORT"
diff --git a/helm/superset/templates/init-job.yaml
b/helm/superset/templates/init-job.yaml
index 8d48f040f2..92b8ce745d 100644
--- a/helm/superset/templates/init-job.yaml
+++ b/helm/superset/templates/init-job.yaml
@@ -36,8 +36,8 @@ spec:
{{- end }}
securityContext:
runAsUser: {{ .Values.runAsUser }}
- {{- if .Values.init.securityContext }}
- {{ toYaml .Values.init.securityContext | nindent 8 }}
+ {{- if .Values.init.podSecurityContext }}
+ {{ toYaml .Values.init.podSecurityContext | nindent 8 }}
{{- end }}
{{- if .Values.init.initContainers }}
initContainers:
@@ -64,6 +64,9 @@ spec:
name: {{ tpl . $ }}
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.init.containerSecurityContext }}
+ securityContext: {{ toYaml .Values.init.containerSecurityContext |
nindent 12 }}
+ {{- end }}
volumeMounts:
- name: superset-config
mountPath: {{ .Values.configMountPath | quote }}
diff --git a/helm/superset/values.schema.json b/helm/superset/values.schema.json
index 4101d73c85..33912c6718 100644
--- a/helm/superset/values.schema.json
+++ b/helm/superset/values.schema.json
@@ -279,7 +279,10 @@
"resources": {
"type": "object"
},
- "securityContext": {
+ "podSecurityContext": {
+ "type": "object"
+ },
+ "containerSecurityContext": {
"type": "object"
}
},
@@ -315,7 +318,10 @@
"resources": {
"type": "object"
},
- "securityContext": {
+ "podSecurityContext": {
+ "type": "object"
+ },
+ "containerSecurityContext": {
"type": "object"
}
},
@@ -352,7 +358,10 @@
"resources": {
"type": "object"
},
- "securityContext": {
+ "podSecurityContext": {
+ "type": "object"
+ },
+ "containerSecurityContext": {
"type": "object"
}
},
@@ -418,7 +427,10 @@
"podAnnotations": {
"$ref":
"https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.23.0/_definitions.json##/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations";
},
- "securityContext": {
+ "podSecurityContext": {
+ "type": "object"
+ },
+ "containerSecurityContext": {
"type": "object"
}
},
diff --git a/helm/superset/values.yaml b/helm/superset/values.yaml
index bd04ba99a8..1b2fe3ac04 100644
--- a/helm/superset/values.yaml
+++ b/helm/superset/values.yaml
@@ -263,7 +263,8 @@ supersetNode:
# requests:
# cpu: 100m
# memory: 128Mi
- securityContext: {}
+ podSecurityContext: {}
+ containerSecurityContext: {}
##
## Superset worker configuration
supersetWorker:
@@ -294,7 +295,8 @@ supersetWorker:
# requests:
# cpu: 100m
# memory: 128Mi
- securityContext: {}
+ podSecurityContext: {}
+ containerSecurityContext: {}
##
## Superset beat configuration (to trigger scheduled jobs like reports)
supersetCeleryBeat:
@@ -327,7 +329,8 @@ supersetCeleryBeat:
# requests:
# cpu: 100m
# memory: 128Mi
- securityContext: {}
+ podSecurityContext: {}
+ containerSecurityContext: {}
##
## Init job configuration
init:
@@ -391,7 +394,8 @@ init:
fi
## Annotations to be added to init job pods
podAnnotations: {}
- securityContext: {}
+ podSecurityContext: {}
+ containerSecurityContext: {}
##
## Configuration values for the postgresql dependency.
## ref:
https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md
