charts Support `pod.spec.containers.securityContext` specification

Support `pod.spec.containers.securityContext` specification

Open LittleWat opened this issue 1 year ago • 6 comments

This PR attempts to close #116

Dec 20 '23 05:12 LittleWat

@hashhar sorry to ask you but could you kindly review this, please...? 🙏

Jan 09 '24 06:01 LittleWat

Not a maintainer, but I'm wondering if it makes sense to define a default, restrictive securityContext out-of-the-box. Trino should support running as non-root and without privilege (escalation) requirements. Most, if not all, of the bitnami charts do this, e.g. https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml#L477.

Jan 24 '24 17:01 chgl

@chgl thank you for your comments! That would be better!

Update this PR following the valeriano-manassero's implementation

@mosabua sorry to ask you but I fixed the commit and rebased this branch to the latest main branch. Could you review this when you have time, please...? 🙏

Mar 12 '24 05:03 LittleWat

@mosabua thank you for your review! I have amended the commit to update the description! could you check this again, please...?

Mar 13 '24 05:03 LittleWat

How about keeping all of the security context open to values.yaml

          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}

EDIT: Ignore you did exactly that

Mar 21 '24 16:03 bond-

@bond- Thank you for your comment! yes, that's exactly what I did in the first place. But I set the default following the comment in this review by amending the commit 🙇

Mar 25 '24 06:03 LittleWat

@LittleWat please rebase, and I'll review this once the new tests in the CI pass.

May 22 '24 07:05 nineinchnick

@nineinchnick thanks! rebased!

May 22 '24 09:05 LittleWat

@nineinchnick thank you for your quick review! yes, that would be better! Fixed!

May 22 '24 12:05 LittleWat

charts charts copied to clipboard

Support `pod.spec.containers.securityContext` specification

charts
charts copied to clipboard