
feat(helm): allow custom securityContext

zhanghongtong 4 lat temu
rodzic
commit
fc0dea75e4

+ 6 - 2
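--- a/deploy/charts/emqx/templates/StatefulSet.yaml
+++ b/deploy/charts/emqx/templates/StatefulSet.yaml
@@ -83,8 +83,9 @@ spec:
           secretName: {{ .Values.emqxLicneseSecretName }}
       {{- end }}
       serviceAccountName:  {{ include "emqx.fullname" . }}
-      securityContext:
-        fsGroup: 1000
+      {{- if .Values.podSecurityContext.enabled }}
+      securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
+      {{- end }}
       {{- if .Values.initContainers }}
       initContainers:
 {{ toYaml .Values.initContainers | indent 8 }}
@@ -99,6 +100,9 @@ spec:
         - name: emqx
           image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- if .Values.containerSecurityContext.enabled }}
+          securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+          {{- end }}
           ports:
           - name: mqtt
             containerPort: {{ .Values.emqxConfig.EMQX_LISTENER__TCP__EXTERNAL | default 1883 }}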
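Review bot: Both new `{{- if ... .enabled }}` guards render no securityContext at all when the flag is false, so turning off `podSecurityContext` also drops the `fsGroup: 1000` the chart previously set unconditionally (the two removed lines in the first hunk), and turning off `containerSecurityContext` drops `runAsNonRoot` with it; the same point applies to the second hunk. Since every key other than `enabled` is passed through `omit ... | toYaml` verbatim, the switch is all-or-nothing and deserves a template comment above each guard, e.g. `{{- /* enabled: false omits the whole securityContext (no fsGroup/runAsUser); prefer overriding individual fields */ }}`. The enclosing pod `spec:` starts and ends outside both hunks.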

+ 12 - 1
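--- a/deploy/charts/emqx/values.yaml
+++ b/deploy/charts/emqx/values.yaml
@@ -176,4 +176,15 @@ ingress:
     - api.emqx.local
     tls: []
 
-
+podSecurityContext:
+  enabled: true
+  fsGroup: 1000
+  fsGroupChangePolicy: Always
+  runAsUser: 1000
+  supplementalGroups:
+    - 1000
+
+containerSecurityContext:
+  enabled: true
+  runAsNonRoot: true
+  runAsUser: 1000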
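Review bot: The two new blocks carry no comments, although `enabled` is the one key the template treats specially (it is stripped with `omit` and only gates whether the block is rendered), so a reader of values.yaml cannot tell that `enabled: false` removes the securityContext entirely rather than falling back to the old hard-coded `fsGroup: 1000`. A comment above each block, e.g. `# enabled: false renders no securityContext at all; all other keys are passed through as-is`, would make the contract clear. Since the container block is passed through verbatim, this is also the natural place to consider `allowPrivilegeEscalation: false` as a default, if EMQX does not require escalation — not something this diff can confirm.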