Enable ability to modify pod security context #49
Comments
jmehitch
added a commit
to jmehitch/athens-charts
that referenced
this issue
Nov 14, 2023
--- Resolves issue: gomods#49. This commit updates the chart to enable us to override/set additional security context configuration at the container level in each of the containers in the athens-proxy deployment template. It moves the existing `securityContext` configuration to the `PodSecurityContext` at the pod spec level to ensure this isn't a breaking change and ensures backwards compatibility. It adds two new values in the chart `securityContext` (for the main athens container) and `initContainerSecurityContext` (for the init container, if used). This allows us to override/modify the existing configuration with additional security context configuration options in each of the containers, at the container `securityContext` level. See `PodSecurityContext` API reference for fields that can be set at the pod spec level (for the existing `image.runAsNonRoot` configuration): https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#podsecuritycontext-v1-core. And see `SecurityContext` API reference for the fields that can be set at the container spec level: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#securitycontext-v1-core.
DrPsychick
pushed a commit
that referenced
this issue
Nov 15, 2023
Resolves issue: #49. This PR updates the chart to enable us to override/set additional security context configuration at the container level in each of the containers in the athens-proxy deployment template. It moves the existing `securityContext` configuration to the `PodSecurityContext` at the pod spec level to ensure this isn't a breaking change and ensures backwards compatibility. It adds two new values in the chart `securityContext` (for the main athens container) and `initContainerSecurityContext` (for the init container, if used). This allows us to override/modify the existing configuration with additional security context configuration options in each of the containers, at the container `securityContext` level. See `PodSecurityContext` API reference for fields that can be set at the pod spec level (for the existing `image.runAsNonRoot` configuration): https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#podsecuritycontext-v1-core. And see `SecurityContext` API reference for the fields that can be set at the container spec level: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#securitycontext-v1-core.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
We have some tight security restrictions in the k8s cluster we'd like to deploy athens-proxy, it would be helpful to be able to set custom
securityContextconfiguration in the deployment template.This should be fairly simple to achieve by adding a conditional block in the template and an extra value in the values file.
Note: I'm only creating this issue for visibiliy, I'm going to submit a PR for this over the next few days.
The text was updated successfully, but these errors were encountered: