feat(HelmChart): Configurable securityContext in Pods (#20509)
* feat(Helm Chart): add customizable securityContext
* build(Helm Chart): bump Chart to 0.6.4
* feat(Helm Chart): add support for securityContext
diff --git a/helm/superset/Chart.yaml b/helm/superset/Chart.yaml
index 16c5986..1459ae5 100644
--- a/helm/superset/Chart.yaml
+++ b/helm/superset/Chart.yaml
@@ -22,7 +22,7 @@
- name: craig-rueda
email: craig@craigrueda.com
url: https://github.com/craig-rueda
-version: 0.6.3
+version: 0.6.4
dependencies:
- name: postgresql
version: 11.1.22
diff --git a/helm/superset/templates/deployment-beat.yaml b/helm/superset/templates/deployment-beat.yaml
index 5587dcf..cb217d3 100644
--- a/helm/superset/templates/deployment-beat.yaml
+++ b/helm/superset/templates/deployment-beat.yaml
@@ -64,6 +64,9 @@
{{- end }}
securityContext:
runAsUser: {{ .Values.runAsUser }}
+ {{- if .Values.supersetCeleryBeat.securityContext }}
+ {{ toYaml .Values.supersetCeleryBeat.securityContext | nindent 8 }}
+ {{- end }}
{{- if .Values.supersetCeleryBeat.initContainers }}
initContainers:
{{- tpl (toYaml .Values.supersetCeleryBeat.initContainers) . | nindent 6 }}
diff --git a/helm/superset/templates/deployment-worker.yaml b/helm/superset/templates/deployment-worker.yaml
index 54eb5d8..2d7474c 100644
--- a/helm/superset/templates/deployment-worker.yaml
+++ b/helm/superset/templates/deployment-worker.yaml
@@ -62,6 +62,9 @@
{{- end }}
securityContext:
runAsUser: {{ .Values.runAsUser }}
+ {{- if .Values.supersetWorker.securityContext }}
+ {{ toYaml .Values.supersetWorker.securityContext | nindent 8 }}
+ {{- end }}
{{- if .Values.supersetWorker.initContainers }}
initContainers:
{{- tpl (toYaml .Values.supersetWorker.initContainers) . | nindent 6 }}
diff --git a/helm/superset/templates/deployment.yaml b/helm/superset/templates/deployment.yaml
index 4d3a42e..d838fb9 100644
--- a/helm/superset/templates/deployment.yaml
+++ b/helm/superset/templates/deployment.yaml
@@ -65,6 +65,9 @@
{{- end }}
securityContext:
runAsUser: {{ .Values.runAsUser }}
+ {{- if .Values.supersetNode.securityContext }}
+ {{ toYaml .Values.supersetNode.securityContext | nindent 8 }}
+ {{- end }}
{{- if .Values.supersetNode.initContainers }}
initContainers:
{{- tpl (toYaml .Values.supersetNode.initContainers) . | nindent 6 }}
diff --git a/helm/superset/templates/init-job.yaml b/helm/superset/templates/init-job.yaml
index 483ced8..8d48f04 100644
--- a/helm/superset/templates/init-job.yaml
+++ b/helm/superset/templates/init-job.yaml
@@ -36,6 +36,9 @@
{{- end }}
securityContext:
runAsUser: {{ .Values.runAsUser }}
+ {{- if .Values.init.securityContext }}
+ {{ toYaml .Values.init.securityContext | nindent 8 }}
+ {{- end }}
{{- if .Values.init.initContainers }}
initContainers:
{{- tpl (toYaml .Values.init.initContainers) . | nindent 6 }}
diff --git a/helm/superset/values.schema.json b/helm/superset/values.schema.json
index 6c4359a..4101d73 100644
--- a/helm/superset/values.schema.json
+++ b/helm/superset/values.schema.json
@@ -278,6 +278,9 @@
},
"resources": {
"type": "object"
+ },
+ "securityContext": {
+ "type": "object"
}
},
"required": [
@@ -311,6 +314,9 @@
},
"resources": {
"type": "object"
+ },
+ "securityContext": {
+ "type": "object"
}
},
"required": [
@@ -345,6 +351,9 @@
},
"resources": {
"type": "object"
+ },
+ "securityContext": {
+ "type": "object"
}
},
"required": [
@@ -408,6 +417,9 @@
},
"podAnnotations": {
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.23.0/_definitions.json##/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations"
+ },
+ "securityContext": {
+ "type": "object"
}
},
"required": [
diff --git a/helm/superset/values.yaml b/helm/superset/values.yaml
index 197ec4b..bd04ba9 100644
--- a/helm/superset/values.yaml
+++ b/helm/superset/values.yaml
@@ -263,6 +263,7 @@
# requests:
# cpu: 100m
# memory: 128Mi
+ securityContext: {}
##
## Superset worker configuration
supersetWorker:
@@ -293,6 +294,7 @@
# requests:
# cpu: 100m
# memory: 128Mi
+ securityContext: {}
##
## Superset beat configuration (to trigger scheduled jobs like reports)
supersetCeleryBeat:
@@ -325,6 +327,7 @@
# requests:
# cpu: 100m
# memory: 128Mi
+ securityContext: {}
##
## Init job configuration
init:
@@ -388,6 +391,7 @@
fi
## Annotations to be added to init job pods
podAnnotations: {}
+ securityContext: {}
##
## Configuration values for the postgresql dependency.
## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md