From fbba2f3aa838b593a9f6bed7ee38248884a1e80d Mon Sep 17 00:00:00 2001 From: miloszbednarzak Date: Tue, 5 Jul 2022 21:19:35 +0200 Subject: [PATCH 1/2] feat(HelmChart): securityContext - container level --- helm/superset/templates/deployment-beat.yaml | 7 +++++-- .../superset/templates/deployment-worker.yaml | 7 +++++-- helm/superset/templates/deployment.yaml | 7 +++++-- helm/superset/templates/init-job.yaml | 7 +++++-- helm/superset/values.schema.json | 20 +++++++++++++++---- helm/superset/values.yaml | 12 +++++++---- 6 files changed, 44 insertions(+), 16 deletions(-) diff --git a/helm/superset/templates/deployment-beat.yaml b/helm/superset/templates/deployment-beat.yaml index cb217d3cfbf7f..31840f1484a2e 100644 --- a/helm/superset/templates/deployment-beat.yaml +++ b/helm/superset/templates/deployment-beat.yaml @@ -64,8 +64,8 @@ spec: {{- end }} securityContext: runAsUser: {{ .Values.runAsUser }} - {{- if .Values.supersetCeleryBeat.securityContext }} - {{ toYaml .Values.supersetCeleryBeat.securityContext | nindent 8 }} + {{- if .Values.supersetCeleryBeat.podSecurityContext }} + {{ toYaml .Values.supersetCeleryBeat.podSecurityContext | nindent 8 }} {{- end }} {{- if .Values.supersetCeleryBeat.initContainers }} initContainers: @@ -78,6 +78,9 @@ spec: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.supersetCeleryBeat.containerSecurityContext }} + securityContext: {{ toYaml .Values.supersetCeleryBeat.containerSecurityContext | nindent 12 }} + {{- end }} command: {{ tpl (toJson .Values.supersetCeleryBeat.command) . }} env: - name: "SUPERSET_PORT" diff --git a/helm/superset/templates/deployment-worker.yaml b/helm/superset/templates/deployment-worker.yaml index 2d7474cacb2ce..74c0fae99ebe1 100644 --- a/helm/superset/templates/deployment-worker.yaml +++ b/helm/superset/templates/deployment-worker.yaml @@ -62,8 +62,8 @@ spec: {{- end }} securityContext: runAsUser: {{ .Values.runAsUser }} - {{- if .Values.supersetWorker.securityContext }} - {{ toYaml .Values.supersetWorker.securityContext | nindent 8 }} + {{- if .Values.supersetWorker.podSecurityContext }} + {{ toYaml .Values.supersetWorker.podSecurityContext | nindent 8 }} {{- end }} {{- if .Values.supersetWorker.initContainers }} initContainers: @@ -76,6 +76,9 @@ spec: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.supersetWorker.containerSecurityContext }} + securityContext: {{ toYaml .Values.supersetWorker.containerSecurityContext | nindent 12 }} + {{- end }} command: {{ tpl (toJson .Values.supersetWorker.command) . }} env: - name: "SUPERSET_PORT" diff --git a/helm/superset/templates/deployment.yaml b/helm/superset/templates/deployment.yaml index d838fb964bbb7..75156d8285c86 100644 --- a/helm/superset/templates/deployment.yaml +++ b/helm/superset/templates/deployment.yaml @@ -65,8 +65,8 @@ spec: {{- end }} securityContext: runAsUser: {{ .Values.runAsUser }} - {{- if .Values.supersetNode.securityContext }} - {{ toYaml .Values.supersetNode.securityContext | nindent 8 }} + {{- if .Values.supersetNode.podSecurityContext }} + {{ toYaml .Values.supersetNode.podSecurityContext | nindent 8 }} {{- end }} {{- if .Values.supersetNode.initContainers }} initContainers: @@ -79,6 +79,9 @@ spec: - name: {{ .Chart.Name }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.supersetNode.containerSecurityContext }} + securityContext: {{ toYaml .Values.supersetNode.containerSecurityContext | nindent 12 }} + {{- end }} command: {{ tpl (toJson .Values.supersetNode.command) . }} env: - name: "SUPERSET_PORT" diff --git a/helm/superset/templates/init-job.yaml b/helm/superset/templates/init-job.yaml index 8d48f040f2727..92b8ce745dfff 100644 --- a/helm/superset/templates/init-job.yaml +++ b/helm/superset/templates/init-job.yaml @@ -36,8 +36,8 @@ spec: {{- end }} securityContext: runAsUser: {{ .Values.runAsUser }} - {{- if .Values.init.securityContext }} - {{ toYaml .Values.init.securityContext | nindent 8 }} + {{- if .Values.init.podSecurityContext }} + {{ toYaml .Values.init.podSecurityContext | nindent 8 }} {{- end }} {{- if .Values.init.initContainers }} initContainers: @@ -64,6 +64,9 @@ spec: name: {{ tpl . $ }} {{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} + {{- if .Values.init.containerSecurityContext }} + securityContext: {{ toYaml .Values.init.containerSecurityContext | nindent 12 }} + {{- end }} volumeMounts: - name: superset-config mountPath: {{ .Values.configMountPath | quote }} diff --git a/helm/superset/values.schema.json b/helm/superset/values.schema.json index 4101d73c8522a..33912c6718083 100644 --- a/helm/superset/values.schema.json +++ b/helm/superset/values.schema.json @@ -279,7 +279,10 @@ "resources": { "type": "object" }, - "securityContext": { + "podSecurityContext": { + "type": "object" + }, + "containerSecurityContext": { "type": "object" } }, @@ -315,7 +318,10 @@ "resources": { "type": "object" }, - "securityContext": { + "podSecurityContext": { + "type": "object" + }, + "containerSecurityContext": { "type": "object" } }, @@ -352,7 +358,10 @@ "resources": { "type": "object" }, - "securityContext": { + "podSecurityContext": { + "type": "object" + }, + "containerSecurityContext": { "type": "object" } }, @@ -418,7 +427,10 @@ "podAnnotations": { "$ref": "https://raw.githubusercontent.com/yannh/kubernetes-json-schema/master/v1.23.0/_definitions.json##/definitions/io.k8s.apimachinery.pkg.apis.meta.v1.ObjectMeta/properties/annotations" }, - "securityContext": { + "podSecurityContext": { + "type": "object" + }, + "containerSecurityContext": { "type": "object" } }, diff --git a/helm/superset/values.yaml b/helm/superset/values.yaml index bd04ba99a8f3c..1b2fe3ac04118 100644 --- a/helm/superset/values.yaml +++ b/helm/superset/values.yaml @@ -263,7 +263,8 @@ supersetNode: # requests: # cpu: 100m # memory: 128Mi - securityContext: {} + podSecurityContext: {} + containerSecurityContext: {} ## ## Superset worker configuration supersetWorker: @@ -294,7 +295,8 @@ supersetWorker: # requests: # cpu: 100m # memory: 128Mi - securityContext: {} + podSecurityContext: {} + containerSecurityContext: {} ## ## Superset beat configuration (to trigger scheduled jobs like reports) supersetCeleryBeat: @@ -327,7 +329,8 @@ supersetCeleryBeat: # requests: # cpu: 100m # memory: 128Mi - securityContext: {} + podSecurityContext: {} + containerSecurityContext: {} ## ## Init job configuration init: @@ -391,7 +394,8 @@ init: fi ## Annotations to be added to init job pods podAnnotations: {} - securityContext: {} + podSecurityContext: {} + containerSecurityContext: {} ## ## Configuration values for the postgresql dependency. ## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md From 04a875f9272030d289d68cab41a51bfb90ef6de2 Mon Sep 17 00:00:00 2001 From: miloszbednarzak Date: Mon, 11 Jul 2022 13:09:16 +0200 Subject: [PATCH 2/2] build(helmchart): bump chart to 0.6.5 --- helm/superset/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/superset/Chart.yaml b/helm/superset/Chart.yaml index 1459ae511ff2b..e76c94e0af5e1 100644 --- a/helm/superset/Chart.yaml +++ b/helm/superset/Chart.yaml @@ -22,7 +22,7 @@ maintainers: - name: craig-rueda email: craig@craigrueda.com url: https://github.com/craig-rueda -version: 0.6.4 +version: 0.6.5 dependencies: - name: postgresql version: 11.1.22