feat(HelmChart): Add securityContext on pod level (#20666)
* feat(HelmChart): securityContext - container level
* build(helmchart): bump chart to 0.6.5
diff --git a/helm/superset/Chart.yaml b/helm/superset/Chart.yaml
index 1459ae5..e76c94e 100644
--- a/helm/superset/Chart.yaml
+++ b/helm/superset/Chart.yaml
@@ -22,7 +22,7 @@
- name: craig-rueda
email: craig@craigrueda.com
url: https://github.com/craig-rueda
-version: 0.6.4
+version: 0.6.5
dependencies:
- name: postgresql
version: 11.1.22
diff --git a/helm/superset/templates/deployment-beat.yaml b/helm/superset/templates/deployment-beat.yaml
index cb217d3..31840f1 100644
--- a/helm/superset/templates/deployment-beat.yaml
+++ b/helm/superset/templates/deployment-beat.yaml
@@ -64,8 +64,8 @@
{{- end }}
securityContext:
runAsUser: {{ .Values.runAsUser }}
- {{- if .Values.supersetCeleryBeat.securityContext }}
- {{ toYaml .Values.supersetCeleryBeat.securityContext | nindent 8 }}
+ {{- if .Values.supersetCeleryBeat.podSecurityContext }}
+ {{ toYaml .Values.supersetCeleryBeat.podSecurityContext | nindent 8 }}
{{- end }}
{{- if .Values.supersetCeleryBeat.initContainers }}
initContainers:
@@ -78,6 +78,9 @@
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.supersetCeleryBeat.containerSecurityContext }}
+ securityContext: {{ toYaml .Values.supersetCeleryBeat.containerSecurityContext | nindent 12 }}
+ {{- end }}
command: {{ tpl (toJson .Values.supersetCeleryBeat.command) . }}
env:
- name: "SUPERSET_PORT"
diff --git a/helm/superset/templates/deployment-worker.yaml b/helm/superset/templates/deployment-worker.yaml
index 2d7474c..74c0fae 100644
--- a/helm/superset/templates/deployment-worker.yaml
+++ b/helm/superset/templates/deployment-worker.yaml
@@ -62,8 +62,8 @@
{{- end }}
securityContext:
runAsUser: {{ .Values.runAsUser }}
- {{- if .Values.supersetWorker.securityContext }}
- {{ toYaml .Values.supersetWorker.securityContext | nindent 8 }}
+ {{- if .Values.supersetWorker.podSecurityContext }}
+ {{ toYaml .Values.supersetWorker.podSecurityContext | nindent 8 }}
{{- end }}
{{- if .Values.supersetWorker.initContainers }}
initContainers:
@@ -76,6 +76,9 @@
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.supersetWorker.containerSecurityContext }}
+ securityContext: {{ toYaml .Values.supersetWorker.containerSecurityContext | nindent 12 }}
+ {{- end }}
command: {{ tpl (toJson .Values.supersetWorker.command) . }}
env:
- name: "SUPERSET_PORT"
diff --git a/helm/superset/templates/deployment.yaml b/helm/superset/templates/deployment.yaml
index d838fb9..75156d8 100644
--- a/helm/superset/templates/deployment.yaml
+++ b/helm/superset/templates/deployment.yaml
@@ -65,8 +65,8 @@
{{- end }}
securityContext:
runAsUser: {{ .Values.runAsUser }}
- {{- if .Values.supersetNode.securityContext }}
- {{ toYaml .Values.supersetNode.securityContext | nindent 8 }}
+ {{- if .Values.supersetNode.podSecurityContext }}
+ {{ toYaml .Values.supersetNode.podSecurityContext | nindent 8 }}
{{- end }}
{{- if .Values.supersetNode.initContainers }}
initContainers:
@@ -79,6 +79,9 @@
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.supersetNode.containerSecurityContext }}
+ securityContext: {{ toYaml .Values.supersetNode.containerSecurityContext | nindent 12 }}
+ {{- end }}
command: {{ tpl (toJson .Values.supersetNode.command) . }}
env:
- name: "SUPERSET_PORT"
diff --git a/helm/superset/templates/init-job.yaml b/helm/superset/templates/init-job.yaml
index 8d48f04..92b8ce7 100644
--- a/helm/superset/templates/init-job.yaml
+++ b/helm/superset/templates/init-job.yaml
@@ -36,8 +36,8 @@
{{- end }}
securityContext:
runAsUser: {{ .Values.runAsUser }}
- {{- if .Values.init.securityContext }}
- {{ toYaml .Values.init.securityContext | nindent 8 }}
+ {{- if .Values.init.podSecurityContext }}
+ {{ toYaml .Values.init.podSecurityContext | nindent 8 }}
{{- end }}
{{- if .Values.init.initContainers }}
initContainers:
@@ -64,6 +64,9 @@
name: {{ tpl . $ }}
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
+ {{- if .Values.init.containerSecurityContext }}
+ securityContext: {{ toYaml .Values.init.containerSecurityContext | nindent 12 }}
+ {{- end }}
volumeMounts:
- name: superset-config
mountPath: {{ .Values.configMountPath | quote }}
diff --git a/helm/superset/values.schema.json b/helm/superset/values.schema.json
index 4101d73..33912c6 100644
--- a/helm/superset/values.schema.json
+++ b/helm/superset/values.schema.json
@@ -279,7 +279,10 @@
"resources": {
"type": "object"
},
- "securityContext": {
+ "podSecurityContext": {
+ "type": "object"
+ },
+ "containerSecurityContext": {
"type": "object"
}
},
@@ -315,7 +318,10 @@
"resources": {
"type": "object"
},
- "securityContext": {
+ "podSecurityContext": {
+ "type": "object"
+ },
+ "containerSecurityContext": {
"type": "object"
}
},
@@ -352,7 +358,10 @@
"resources": {
"type": "object"
},
- "securityContext": {
+ "podSecurityContext": {
+ "type": "object"
+ },
+ "containerSecurityContext": {
"type": "object"
}
},
@@ -418,7 +427,10 @@
"podAnnotations": {
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.23.0/_definitions.json##/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations"
},
- "securityContext": {
+ "podSecurityContext": {
+ "type": "object"
+ },
+ "containerSecurityContext": {
"type": "object"
}
},
diff --git a/helm/superset/values.yaml b/helm/superset/values.yaml
index bd04ba9..1b2fe3a 100644
--- a/helm/superset/values.yaml
+++ b/helm/superset/values.yaml
@@ -263,7 +263,8 @@
# requests:
# cpu: 100m
# memory: 128Mi
- securityContext: {}
+ podSecurityContext: {}
+ containerSecurityContext: {}
##
## Superset worker configuration
supersetWorker:
@@ -294,7 +295,8 @@
# requests:
# cpu: 100m
# memory: 128Mi
- securityContext: {}
+ podSecurityContext: {}
+ containerSecurityContext: {}
##
## Superset beat configuration (to trigger scheduled jobs like reports)
supersetCeleryBeat:
@@ -327,7 +329,8 @@
# requests:
# cpu: 100m
# memory: 128Mi
- securityContext: {}
+ podSecurityContext: {}
+ containerSecurityContext: {}
##
## Init job configuration
init:
@@ -391,7 +394,8 @@
fi
## Annotations to be added to init job pods
podAnnotations: {}
- securityContext: {}
+ podSecurityContext: {}
+ containerSecurityContext: {}
##
## Configuration values for the postgresql dependency.
## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md
