This is an automated email from the ASF dual-hosted git repository.

gallardot pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix-helm-chart.git


The following commit(s) were added to refs/heads/master by this push:
     new 3a80692  Adds security context for init constainers 
(https://github.com/apache/apisix-helm-chart/issues/626) (#627)
3a80692 is described below

commit 3a8069225041d8912f19d134010d5b7ce6e9f00c
Author: Michael Kotten <[email protected]>
AuthorDate: Thu Sep 28 19:28:43 2023 +0200

    Adds security context for init constainers 
(https://github.com/apache/apisix-helm-chart/issues/626) (#627)
---
 charts/apisix/README.md          | 1 +
 charts/apisix/templates/_pod.tpl | 5 +++++
 charts/apisix/values.yaml        | 8 ++++++++
 3 files changed, 14 insertions(+)

diff --git a/charts/apisix/README.md b/charts/apisix/README.md
index 4738c1f..a7bd2ac 100644
--- a/charts/apisix/README.md
+++ b/charts/apisix/README.md
@@ -196,6 +196,7 @@ The command removes all the Kubernetes components 
associated with the chart and
 | global.secrets | list | `[]` | Secrets to be created with apisix |
 | ingress-controller | object | 
`{"config":{"apisix":{"adminAPIVersion":"v3"}},"enabled":false}` | Ingress 
controller configuration |
 | initContainer.image | string | `"busybox"` | Init container image |
+| initContainer.securityContext | object | `{}` | Set the securityContext for 
the init container |
 | initContainer.tag | float | `1.28` | Init container tag |
 | logs.accessLog | string | `"/dev/stdout"` | Access log path |
 | logs.accessLogFormat | string | `"$remote_addr - $remote_user [$time_local] 
$http_host \\\"$request\\\" $status $body_bytes_sent $request_time 
\\\"$http_referer\\\" \\\"$http_user_agent\\\" $upstream_addr $upstream_status 
$upstream_response_time 
\\\"$upstream_scheme://$upstream_host$upstream_uri\\\""` | Access log format |
diff --git a/charts/apisix/templates/_pod.tpl b/charts/apisix/templates/_pod.tpl
index a32f8f1..38738c1 100644
--- a/charts/apisix/templates/_pod.tpl
+++ b/charts/apisix/templates/_pod.tpl
@@ -203,6 +203,11 @@ spec:
       {{ else }}
       command: ['sh', '-c', "until nc -z {{ .Release.Name }}-etcd.{{ 
.Release.Namespace }}.svc.{{ .Values.etcd.clusterDomain }} {{ 
.Values.etcd.service.port }}; do echo waiting for etcd `date`; sleep 2; done;"]
       {{- end }}
+      {{- with .Values.initContainer.securityContext }}
+      securityContext:
+        {{- . | toYaml | nindent 8 }}
+      {{- end }}
+
     {{- end }}
     {{- if .Values.extraInitContainers }}
     {{- toYaml .Values.extraInitContainers | nindent 4 }}
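Review bot: The new `securityContext` block covers only the built-in init container that waits for etcd; the `extraInitContainers` entries rendered by the context lines just below it are emitted verbatim through `toYaml` and do not pick it up, which is easy to miss when reading the values. A template comment above the `with` would make that explicit, for example `{{- /* applies only to the built-in init container; extraInitContainers must carry their own securityContext */}}`. Because `with` skips an empty map, the default `{}` renders no container-level `securityContext` at all, so the container then runs with whatever the image and any pod-level context (not visible here) provide. The enclosing `if` block starts outside the hunk.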
diff --git a/charts/apisix/values.yaml b/charts/apisix/values.yaml
index c4c2660..9587f0a 100644
--- a/charts/apisix/values.yaml
+++ b/charts/apisix/values.yaml
@@ -559,6 +559,14 @@ initContainer:
   image: busybox
   # -- Init container tag
   tag: 1.28
+  # -- Set the securityContext for the init container
+  securityContext: {}
+    # capabilities:
+    #   drop:
+    #   - ALL
+    # readOnlyRootFilesystem: true
+    # runAsNonRoot: true
+    # runAsUser: 1000
 
 autoscaling:
   enabled: false
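Review bot: The default `securityContext: {}` leaves the init container unhardened unless the operator opts in, and the commented example stops short of what the Kubernetes Pod Security Standards "restricted" profile expects: it has no `allowPrivilegeEscalation: false` and no seccomp profile. Extending the example with `# allowPrivilegeEscalation: false`, `# seccompProfile:` and `#   type: RuntimeDefault` would give users a block that passes restricted admission once uncommented. The `# --` description could also say that the `{}` has to be removed when the example is uncommented, since the commented keys are indented as children of a flow-style empty map.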
