commit 1a806687fc75c5ed4f561ece1264149e37dd7df3
author Milosz Bednarzak <33376065+miloszbednarzak@users.noreply.github.com> Tue Jul 05 21:14:35 2022 +0200
committer GitHub <noreply@github.com> Tue Jul 05 12:14:35 2022 -0700
tree 09c645fd6ad25299b20588e679b2dde4ce2298b3
parent 94b3d2f0f0e920e667bf2c2d9d3fbfd9ebcc3ffd

feat(HelmChart): Configurable securityContext in Pods (#20509)

* feat(Helm Chart): add customizable securityContext

* build(Helm Chart): bump Chart to 0.6.4

* feat(Helm Chart): add support for securityContext

helm/superset/Chart.yaml

diff --git a/helm/superset/Chart.yaml b/helm/superset/Chart.yaml
index 16c5986..1459ae5 100644
--- a/helm/superset/Chart.yaml
+++ b/helm/superset/Chart.yaml
@@ -22,7 +22,7 @@
   - name: craig-rueda
     email: craig@craigrueda.com
     url: https://github.com/craig-rueda
-version: 0.6.3
+version: 0.6.4
 dependencies:
 - name: postgresql
   version: 11.1.22

helm/superset/templates/deployment-beat.yaml

diff --git a/helm/superset/templates/deployment-beat.yaml b/helm/superset/templates/deployment-beat.yaml
index 5587dcf..cb217d3 100644
--- a/helm/superset/templates/deployment-beat.yaml
+++ b/helm/superset/templates/deployment-beat.yaml
@@ -64,6 +64,9 @@
       {{- end }}
       securityContext:
         runAsUser: {{ .Values.runAsUser }}
+      {{- if .Values.supersetCeleryBeat.securityContext }}
+        {{ toYaml .Values.supersetCeleryBeat.securityContext | nindent 8 }}
+      {{- end }}
       {{- if .Values.supersetCeleryBeat.initContainers }}
       initContainers:
       {{-  tpl (toYaml .Values.supersetCeleryBeat.initContainers) . | nindent 6 }}

helm/superset/templates/deployment-worker.yaml

diff --git a/helm/superset/templates/deployment-worker.yaml b/helm/superset/templates/deployment-worker.yaml
index 54eb5d8..2d7474c 100644
--- a/helm/superset/templates/deployment-worker.yaml
+++ b/helm/superset/templates/deployment-worker.yaml
@@ -62,6 +62,9 @@
       {{- end }}
       securityContext:
         runAsUser: {{ .Values.runAsUser }}
+      {{- if .Values.supersetWorker.securityContext }}
+        {{ toYaml .Values.supersetWorker.securityContext | nindent 8 }}
+      {{- end }}
       {{- if .Values.supersetWorker.initContainers }}
       initContainers:
       {{-  tpl (toYaml .Values.supersetWorker.initContainers) . | nindent 6 }}

helm/superset/templates/deployment.yaml

diff --git a/helm/superset/templates/deployment.yaml b/helm/superset/templates/deployment.yaml
index 4d3a42e..d838fb9 100644
--- a/helm/superset/templates/deployment.yaml
+++ b/helm/superset/templates/deployment.yaml
@@ -65,6 +65,9 @@
       {{- end }}
       securityContext:
         runAsUser: {{ .Values.runAsUser }}
+      {{- if .Values.supersetNode.securityContext }}
+        {{ toYaml .Values.supersetNode.securityContext | nindent 8 }}
+      {{- end }}
       {{- if .Values.supersetNode.initContainers }}
       initContainers:
       {{-  tpl (toYaml .Values.supersetNode.initContainers) . | nindent 6 }}

helm/superset/templates/init-job.yaml

diff --git a/helm/superset/templates/init-job.yaml b/helm/superset/templates/init-job.yaml
index 483ced8..8d48f04 100644
--- a/helm/superset/templates/init-job.yaml
+++ b/helm/superset/templates/init-job.yaml
@@ -36,6 +36,9 @@
       {{- end }}
       securityContext:
         runAsUser: {{ .Values.runAsUser }}
+      {{- if .Values.init.securityContext }}
+        {{ toYaml .Values.init.securityContext | nindent 8 }}
+      {{- end }}
       {{- if .Values.init.initContainers }}
       initContainers:
       {{-  tpl (toYaml .Values.init.initContainers) . | nindent 6 }}

helm/superset/values.schema.json

diff --git a/helm/superset/values.schema.json b/helm/superset/values.schema.json
index 6c4359a..4101d73 100644
--- a/helm/superset/values.schema.json
+++ b/helm/superset/values.schema.json
@@ -278,6 +278,9 @@
                 },
                 "resources": {
                     "type": "object"
+                },
+                "securityContext": {
+                    "type": "object"
                 }
             },
             "required": [
@@ -311,6 +314,9 @@
                 },
                 "resources": {
                     "type": "object"
+                },
+                "securityContext": {
+                    "type": "object"
                 }
             },
             "required": [
@@ -345,6 +351,9 @@
                 },
                 "resources": {
                     "type": "object"
+                },
+                "securityContext": {
+                    "type": "object"
                 }
             },
             "required": [
@@ -408,6 +417,9 @@
                 },
                 "podAnnotations": {
                     "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.23.0/_definitions.json##/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations"
+                },
+                "securityContext": {
+                    "type": "object"
                 }
             },
             "required": [

helm/superset/values.yaml

diff --git a/helm/superset/values.yaml b/helm/superset/values.yaml
index 197ec4b..bd04ba9 100644
--- a/helm/superset/values.yaml
+++ b/helm/superset/values.yaml
@@ -263,6 +263,7 @@
     # requests:
     #  cpu: 100m
     #  memory: 128Mi
+  securityContext: {}
 ##
 ## Superset worker configuration
 supersetWorker:
@@ -293,6 +294,7 @@
     # requests:
     #  cpu: 100m
     #  memory: 128Mi
+  securityContext: {}
 ##
 ## Superset beat configuration (to trigger scheduled jobs like reports)
 supersetCeleryBeat:
@@ -325,6 +327,7 @@
     # requests:
     #  cpu: 100m
     #  memory: 128Mi
+  securityContext: {}
 ##
 ## Init job configuration
 init:
@@ -388,6 +391,7 @@
     fi
   ## Annotations to be added to init job pods
   podAnnotations: {}
+  securityContext: {}
 ##
 ## Configuration values for the postgresql dependency.
 ## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md