yuanbiao
/
emqx
1
0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feat(helm): allow custom securityContext

This commit is contained in:
zhanghongtong 2021-03-19 14:06:36 +08:00 committed by Rory Z
parent 81602c973c
commit fc0dea75e4
2 changed files with 17 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
deploy/charts/emqx/templates/StatefulSet.yaml
View File

@ -83,8 +83,9 @@ spec:
secretName: {{ .Values.emqxLicneseSecretName }} secretName: {{ .Values.emqxLicneseSecretName }}
{{- end }} {{- end }}
serviceAccountName: {{ include "emqx.fullname" . }} serviceAccountName: {{ include "emqx.fullname" . }}
securityContext: {{- if .Values.podSecurityContext.enabled }}
fsGroup: 1000 securityContext: {{- omit .Values.podSecurityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
{{- if .Values.initContainers }} {{- if .Values.initContainers }}
initContainers: initContainers:
{{ toYaml .Values.initContainers | indent 8 }} {{ toYaml .Values.initContainers | indent 8 }}
@ -99,6 +100,9 @@ spec:
- name: emqx - name: emqx
image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}" image: "{{ .Values.image.repository }}:{{ .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
{{- if .Values.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
ports: ports:
- name: mqtt - name: mqtt
containerPort: {{ .Values.emqxConfig.EMQX_LISTENER__TCP__EXTERNAL | default 1883 }} containerPort: {{ .Values.emqxConfig.EMQX_LISTENER__TCP__EXTERNAL | default 1883 }}

11
deploy/charts/emqx/values.yaml
View File

@ -176,4 +176,15 @@ ingress:
- api.emqx.local - api.emqx.local
tls: [] tls: []
podSecurityContext:
enabled: true
fsGroup: 1000
fsGroupChangePolicy: Always
runAsUser: 1000
supplementalGroups:
- 1000
containerSecurityContext:
enabled: true
runAsNonRoot: true
runAsUser: 1000