iop
/
superset
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(HelmChart): Add securityContext on pod level (#20666) 

* feat(HelmChart): securityContext - container level

* build(helmchart): bump chart to 0.6.5
This commit is contained in:
Milosz Bednarzak 2022-07-11 17:30:17 +02:00 committed by GitHub
parent 0a316a8ed3
commit ae306d6d1f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 45 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
helm/superset/Chart.yaml
View File

@ -22,7 +22,7 @@ maintainers:
- name: craig-rueda
email: craig@craigrueda.com
url: https://github.com/craig-rueda
version: 0.6.4
version: 0.6.5
dependencies:
- name: postgresql
version: 11.1.22

7
helm/superset/templates/deployment-beat.yaml
View File

@ -64,8 +64,8 @@ spec:
{{- end }}
securityContext:
runAsUser: {{ .Values.runAsUser }}
{{- if .Values.supersetCeleryBeat.securityContext }}
{{ toYaml .Values.supersetCeleryBeat.securityContext | nindent 8 }}
{{- if .Values.supersetCeleryBeat.podSecurityContext }}
{{ toYaml .Values.supersetCeleryBeat.podSecurityContext | nindent 8 }}
{{- end }}
{{- if .Values.supersetCeleryBeat.initContainers }}
initContainers:
@ -78,6 +78,9 @@ spec:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.supersetCeleryBeat.containerSecurityContext }}
securityContext: {{ toYaml .Values.supersetCeleryBeat.containerSecurityContext | nindent 12 }}
{{- end }}
command: {{ tpl (toJson .Values.supersetCeleryBeat.command) . }}
env:
- name: "SUPERSET_PORT"

7
helm/superset/templates/deployment-worker.yaml
View File

@ -62,8 +62,8 @@ spec:
{{- end }}
securityContext:
runAsUser: {{ .Values.runAsUser }}
{{- if .Values.supersetWorker.securityContext }}
{{ toYaml .Values.supersetWorker.securityContext | nindent 8 }}
{{- if .Values.supersetWorker.podSecurityContext }}
{{ toYaml .Values.supersetWorker.podSecurityContext | nindent 8 }}
{{- end }}
{{- if .Values.supersetWorker.initContainers }}
initContainers:
@ -76,6 +76,9 @@ spec:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.supersetWorker.containerSecurityContext }}
securityContext: {{ toYaml .Values.supersetWorker.containerSecurityContext | nindent 12 }}
{{- end }}
command: {{ tpl (toJson .Values.supersetWorker.command) . }}
env:
- name: "SUPERSET_PORT"

7
helm/superset/templates/deployment.yaml
View File

@ -65,8 +65,8 @@ spec:
{{- end }}
securityContext:
runAsUser: {{ .Values.runAsUser }}
{{- if .Values.supersetNode.securityContext }}
{{ toYaml .Values.supersetNode.securityContext | nindent 8 }}
{{- if .Values.supersetNode.podSecurityContext }}
{{ toYaml .Values.supersetNode.podSecurityContext | nindent 8 }}
{{- end }}
{{- if .Values.supersetNode.initContainers }}
initContainers:
@ -79,6 +79,9 @@ spec:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.supersetNode.containerSecurityContext }}
securityContext: {{ toYaml .Values.supersetNode.containerSecurityContext | nindent 12 }}
{{- end }}
command: {{ tpl (toJson .Values.supersetNode.command) . }}
env:
- name: "SUPERSET_PORT"

7
helm/superset/templates/init-job.yaml
View File

@ -36,8 +36,8 @@ spec:
{{- end }}
securityContext:
runAsUser: {{ .Values.runAsUser }}
{{- if .Values.init.securityContext }}
{{ toYaml .Values.init.securityContext | nindent 8 }}
{{- if .Values.init.podSecurityContext }}
{{ toYaml .Values.init.podSecurityContext | nindent 8 }}
{{- end }}
{{- if .Values.init.initContainers }}
initContainers:
@ -64,6 +64,9 @@ spec:
name: {{ tpl . $ }}
{{- end }}
imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.init.containerSecurityContext }}
securityContext: {{ toYaml .Values.init.containerSecurityContext | nindent 12 }}
{{- end }}
volumeMounts:
- name: superset-config
mountPath: {{ .Values.configMountPath | quote }}

20
helm/superset/values.schema.json
View File

@ -279,7 +279,10 @@
"resources": {
"type": "object"
},
"securityContext": {
"podSecurityContext": {
"type": "object"
},
"containerSecurityContext": {
"type": "object"
}
},
@ -315,7 +318,10 @@
"resources": {
"type": "object"
},
"securityContext": {
"podSecurityContext": {
"type": "object"
},
"containerSecurityContext": {
"type": "object"
}
},
@ -352,7 +358,10 @@
"resources": {
"type": "object"
},
"securityContext": {
"podSecurityContext": {
"type": "object"
},
"containerSecurityContext": {
"type": "object"
}
},
@ -418,7 +427,10 @@
"podAnnotations": {
"$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.23.0/_definitions.json##/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations"
},
"securityContext": {
"podSecurityContext": {
"type": "object"
},
"containerSecurityContext": {
"type": "object"
}
},

12
helm/superset/values.yaml
View File

@ -263,7 +263,8 @@ supersetNode:
# requests:
# cpu: 100m
# memory: 128Mi
securityContext: {}
podSecurityContext: {}
containerSecurityContext: {}
##
## Superset worker configuration
supersetWorker:
@ -294,7 +295,8 @@ supersetWorker:
# requests:
# cpu: 100m
# memory: 128Mi
securityContext: {}
podSecurityContext: {}
containerSecurityContext: {}
##
## Superset beat configuration (to trigger scheduled jobs like reports)
supersetCeleryBeat:
@ -327,7 +329,8 @@ supersetCeleryBeat:
# requests:
# cpu: 100m
# memory: 128Mi
securityContext: {}
podSecurityContext: {}
containerSecurityContext: {}
##
## Init job configuration
init:
@ -391,7 +394,8 @@ init:
fi
## Annotations to be added to init job pods
podAnnotations: {}
securityContext: {}
podSecurityContext: {}
containerSecurityContext: {}
##
## Configuration values for the postgresql dependency.
## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md