From 92cdafd3255a67a799e840c4c475e6ee9bbbd7a7 Mon Sep 17 00:00:00 2001 From: bkochauri-memphis Date: Wed, 16 Oct 2024 10:04:01 +0400 Subject: [PATCH 1/3] add podsecurityctx --- charts/superstream/templates/_helpers.tpl | 16 +++++++++++++++- .../templates/deployment-data-plane.yaml | 4 ++-- .../superstream/templates/deployment-syslog.yaml | 2 +- charts/superstream/values.yaml | 10 +++++++--- 4 files changed, 25 insertions(+), 7 deletions(-) diff --git a/charts/superstream/templates/_helpers.tpl b/charts/superstream/templates/_helpers.tpl index 7bc2824..797f0d5 100644 --- a/charts/superstream/templates/_helpers.tpl +++ b/charts/superstream/templates/_helpers.tpl @@ -93,4 +93,18 @@ image: {{ $image }} {{- if or .pullPolicy .global.image.pullPolicy }} imagePullPolicy: {{ .pullPolicy | default .global.image.pullPolicy }} {{- end }} -{{- end }} \ No newline at end of file +{{- end }} + +{{- define "superstream.podSecurityContext" -}} +{{- if or .podSecurityContext .global.podSecurityContext -}} +{{ toYaml (.podSecurityContext | default .global.podSecurityContext) | nindent 4 -}} +{{- end }} +{{- end }} + + + + + + + + diff --git a/charts/superstream/templates/deployment-data-plane.yaml b/charts/superstream/templates/deployment-data-plane.yaml index 4cc7df0..a4c45dc 100644 --- a/charts/superstream/templates/deployment-data-plane.yaml +++ b/charts/superstream/templates/deployment-data-plane.yaml @@ -47,8 +47,8 @@ spec: {{- end }} {{- end }} serviceAccountName: {{ include "superstream.serviceAccountName" . }} - securityContext: - {{- toYaml .Values.superstreamEngine.podSecurityContext | nindent 8 }} + securityContext: + {{- include "superstream.podSecurityContext" (merge (pick $.Values "global") .Values.superstreamEngine) | nindent 4 }} containers: - name: {{ .Chart.Name }}-data-plane {{ include "superstream.image" (merge (pick $.Values "global") .Values.superstreamEngine.image) | nindent 10 }} 
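Review bot: In the new `superstream.podSecurityContext` define, `toYaml (.podSecurityContext | default .global.podSecurityContext)` makes a component value replace the global one wholesale instead of layering on top of it, so any non-empty component context drops every global field. The syslog values carry `fsGroup: 911` (commented out in this patch, restored in PATCH 3/3), so a `runAsUser` or `runAsNonRoot` set under `global.podSecurityContext` would never reach the syslog pod. If layering is the intent, build the context with `{{- $ctx := mergeOverwrite (dict) (.global.podSecurityContext | default dict) (.podSecurityContext | default dict) }}` and emit it with `{{- with $ctx }}{{ toYaml . | nindent 4 }}{{- end }}`. If replacement is the intent, state that in a `{{/* ... */}}` comment above the define so operators do not assume the global setting is enforced everywhere.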
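Review bot: Indentation for `securityContext:` in deployment-data-plane.yaml is split between the helper and the call site: the define already pipes through `nindent 4` and the include adds `| nindent 4` again, so the block reaches eight columns only by accumulation and appears to gain a whitespace-only line. Returning un-indented YAML from the helper and writing `{{- include "superstream.podSecurityContext" (merge (pick $.Values "global") .Values.superstreamEngine) | nindent 8 }}` keeps the target column visible next to the key. When both values are empty the helper emits nothing and `securityContext:` renders as null; guarding the key with a `with` on the include result would omit it instead. The same call shape is used in deployment-syslog.yaml, and the pod spec itself starts outside the hunk.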
diff --git a/charts/superstream/templates/deployment-syslog.yaml b/charts/superstream/templates/deployment-syslog.yaml index 7ee9b43..7e2cd8c 100644 --- a/charts/superstream/templates/deployment-syslog.yaml +++ b/charts/superstream/templates/deployment-syslog.yaml @@ -28,7 +28,7 @@ spec: {{- end }} {{- end }} securityContext: - {{- toYaml .Values.syslog.podSecurityContext | nindent 8 }} + {{- include "superstream.podSecurityContext" (merge (pick $.Values "global") .Values.syslog) | nindent 4 }} containers: - name: syslog-ng {{ include "superstream.image" (merge (pick $.Values "global") .Values.syslog.image) | nindent 8 }} diff --git a/charts/superstream/values.yaml b/charts/superstream/values.yaml index 72b6461..8590282 100644 --- a/charts/superstream/values.yaml +++ b/charts/superstream/values.yaml @@ -21,6 +21,10 @@ global: # global labels will be applied to all resources deployed by the chart labels: {} + podSecurityContext: + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 2000 ############################################################ # NATS config @@ -96,7 +100,7 @@ superstreamEngine: prometheus.io/scrape: 'true' prometheus.io/port: "7777" podSecurityContext: {} - # fsGroup: 2000 + # fsGroup: 2000 securityContext: {} # capabilities: @@ -191,8 +195,8 @@ syslog: cpu: 50m podAnnotations: prometheus.io/scrape: 'false' - podSecurityContext: - fsGroup: 911 + podSecurityContext: {} + # fsGroup: 911 remoteSyslog: destinationHost: telegraf port: 6514 From be7b2b66a2fffadf23697804c8fea8201ded3e84 Mon Sep 17 00:00:00 2001 From: bkochauri-memphis Date: Wed, 16 Oct 2024 10:04:39 +0400 Subject: [PATCH 2/3] comment ctx --- charts/superstream/values.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/charts/superstream/values.yaml b/charts/superstream/values.yaml index 8590282..62fcc9e 100644 --- a/charts/superstream/values.yaml +++ b/charts/superstream/values.yaml 
@@ -21,10 +21,10 @@ global: # global labels will be applied to all resources deployed by the chart labels: {} - podSecurityContext: - runAsUser: 1000 - runAsGroup: 1000 - fsGroup: 2000 + podSecurityContext: {} + # runAsUser: 1000 + # runAsGroup: 1000 + # fsGroup: 2000 ############################################################ # NATS config From ed2c5f441768f740e3d487bae4086c6f06591cdf Mon Sep 17 00:00:00 2001 From: bkochauri-memphis Date: Wed, 16 Oct 2024 17:32:38 +0400 Subject: [PATCH 3/3] fix non relevant changes --- charts/superstream/templates/_helpers.tpl | 10 +--------- charts/superstream/values.yaml | 4 ++-- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/charts/superstream/templates/_helpers.tpl b/charts/superstream/templates/_helpers.tpl index 797f0d5..a497b4c 100644 --- a/charts/superstream/templates/_helpers.tpl +++ b/charts/superstream/templates/_helpers.tpl @@ -99,12 +99,4 @@ imagePullPolicy: {{ .pullPolicy | default .global.image.pullPolicy }} {{- if or .podSecurityContext .global.podSecurityContext -}} {{ toYaml (.podSecurityContext | default .global.podSecurityContext) | nindent 4 -}} {{- end }} -{{- end }} - - - - - - - - +{{- end }} \ No newline at end of file diff --git a/charts/superstream/values.yaml b/charts/superstream/values.yaml index 62fcc9e..a32225a 100644 --- a/charts/superstream/values.yaml +++ b/charts/superstream/values.yaml @@ -195,8 +195,8 @@ syslog: cpu: 50m podAnnotations: prometheus.io/scrape: 'false' - podSecurityContext: {} - # fsGroup: 911 + podSecurityContext: + fsGroup: 911 remoteSyslog: destinationHost: telegraf port: 6514
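Review bot: With the global default reduced to `podSecurityContext: {}` in PATCH 2/3 and `superstreamEngine.podSecurityContext` also `{}`, the helper's `if or` guard emits nothing, so the data-plane pod gets no pod-level security context from the chart and runs as whatever user the image defines. The commented example should make the hardening option discoverable: add `# runAsNonRoot: true` beside `# runAsUser: 1000`. A comment line such as `# applied to every pod unless the component sets its own podSecurityContext, which replaces this block entirely` would also document the precedence the helper implements. The `global:` mapping starts outside the hunk.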