Chart: Do not propagate global security context to statsd and redis #31865

Merged
merged 11 commits into from
Jun 22, 2023
Apply suggestions from code review
Co-authored-by: Jed Cunningham <66968678+jedcunningham@users.noreply.github.com>
Aakcht and jedcunningham committed Jun 22, 2023
commit 9ebb9e960a48c9339a2d43feb3030d1eaa53e760
2 changes: 0 additions & 2 deletions chart/templates/_helpers.yaml
Expand Up @@ -875,8 +875,6 @@ capabilities:

The template can be called like so:
include "externalContainerSecurityContext" .Values.statsd

Where `.` is the global variables scope and `.Values.webserver` the local variables scope for the webserver template.
*/}}
{{- define "externalContainerSecurityContext" -}}
{{- if .securityContexts.container -}}
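Review bot: In the doc comment above `externalContainerSecurityContext`, the sentence "Where `.` is the global variables scope and `.Values.webserver` the local variables scope for the webserver template." contradicts the example call, which passes only `.Values.statsd` and no global scope. The +/- markers are not visible in this view, so confirm that sentence is among the two deleted lines. It would also help to replace it with one line stating that the helper only looks at the `securityContexts.container` key of the component values passed in, since that is what keeps a global security context from reaching statsd and redis.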
1 change: 1 addition & 0 deletions tests/charts/security/test_security_context.py
Expand Up @@ -234,6 +234,7 @@ def test_global_security_context(self):
"spec.template.spec.containers[0].securityContext", docs[index]
)
assert ctx_value_pod == jmespath.search("spec.template.spec.securityContext", docs[index])

# Global security context is not propagated to redis and statsd, so we test default value
default_ctx_value_container = {"allowPrivilegeEscalation": False, "capabilities": {"drop": ["ALL"]}}
default_ctx_value_pod_statsd = {"runAsUser": 65534}
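Review bot: The comment "Global security context is not propagated to redis and statsd" names both components, but the only pod-level default visible here is `default_ctx_value_pod_statsd`, so check that the collapsed part of `test_global_security_context` asserts the redis pod default as well. Comparing against a default only proves non-propagation if the global values set earlier in the test differ from `{"allowPrivilegeEscalation": False, "capabilities": {"drop": ["ALL"]}}` and `{"runAsUser": 65534}`. Please confirm they do, or add an explicit assertion that the statsd and redis contexts are not equal to the global ones.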