This is an automated email from the ASF dual-hosted git repository.
pbacsko pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/yunikorn-release.git
The following commit(s) were added to refs/heads/master by this push:
new 9ef8317 [YUNIKORN-2990] Add support for securityContext in the helm
charts (#184)
9ef8317 is described below
commit 9ef83174ba1869a7ea45361fe25b0efa26abb237
Author: Peter Bacsko <[email protected]>
AuthorDate: Fri Dec 6 13:57:03 2024 +0100
[YUNIKORN-2990] Add support for securityContext in the helm charts (#184)
Closes: #184
Signed-off-by: Peter Bacsko <[email protected]>
---
.../yunikorn/templates/admission-controller-deployment.yaml | 8 ++++++++
helm-charts/yunikorn/templates/deployment.yaml | 12 ++++++++++++
helm-charts/yunikorn/values.yaml | 5 +++++
3 files changed, 25 insertions(+)
diff --git
a/helm-charts/yunikorn/templates/admission-controller-deployment.yaml
b/helm-charts/yunikorn/templates/admission-controller-deployment.yaml
index 6e08cce..9e9973c 100644
--- a/helm-charts/yunikorn/templates/admission-controller-deployment.yaml
+++ b/helm-charts/yunikorn/templates/admission-controller-deployment.yaml
@@ -51,6 +51,10 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
+ {{- with .Values.admissionPodSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- if .Values.admissionController.hostNetwork }}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
@@ -88,6 +92,10 @@ spec:
limits:
cpu: {{ .Values.admissionController.resources.limits.cpu }}
memory: {{ .Values.admissionController.resources.limits.memory }}
+ {{- with .Values.admissionContainerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
volumeMounts:
- name: admission-controller-secrets
mountPath: /run/secrets/webhook
diff --git a/helm-charts/yunikorn/templates/deployment.yaml
b/helm-charts/yunikorn/templates/deployment.yaml
index 2fbfe40..aecbbf3 100644
--- a/helm-charts/yunikorn/templates/deployment.yaml
+++ b/helm-charts/yunikorn/templates/deployment.yaml
@@ -49,6 +49,10 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
+ {{- with .Values.podSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- if .Values.hostNetwork }}
hostNetwork: true
dnsPolicy: ClusterFirstWithHostNet
@@ -95,6 +99,10 @@ spec:
fieldPath: metadata.namespace
resources:
{{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.schedulerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
{{- if .Values.enableWebService }}
- name: yunikorn-scheduler-web
image: "{{ .Values.web.image.repository }}:{{ .Values.web.image.tag
}}"
@@ -105,4 +113,8 @@ spec:
protocol: TCP
resources:
{{- toYaml .Values.web.resources | nindent 12 }}
+ {{- with .Values.webSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
{{- end }}
diff --git a/helm-charts/yunikorn/values.yaml b/helm-charts/yunikorn/values.yaml
index 19a5127..f5a1b26 100644
--- a/helm-charts/yunikorn/values.yaml
+++ b/helm-charts/yunikorn/values.yaml
@@ -128,3 +128,8 @@ enableWebService: true
podLabels: {}
podAnnotations: {}
+podSecurityContext: {}
+schedulerSecurityContext: {}
+webSecurityContext: {}
+admissionPodSecurityContext: {}
+admissionContainerSecurityContext: {}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
