Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add securityContext and podSecurityContext values #271

Merged
merged 3 commits into from
Dec 30, 2021
Merged

Add securityContext and podSecurityContext values #271

merged 3 commits into from
Dec 30, 2021

Conversation

cognifloyd
Copy link
Member

In some clusters, a validation controller can prohibit creating pods that have not dropped capabilities, or require SELinux, AppArmor, or some other security feature. This exposes the Kubernetes SecurityContext feature so that it can be configured via helm values.

  • make securityContext and podSecurityContext configurable
  • add changelog entry

@pull-request-size pull-request-size bot added the size/L PR that changes 100-499 lines. Requires some effort to review. label Dec 2, 2021
@cognifloyd cognifloyd self-assigned this Dec 2, 2021
@cognifloyd cognifloyd requested a review from arm4b December 2, 2021 04:25
@cognifloyd cognifloyd force-pushed the security-context branch 3 times, most recently from d8d4a66 to 6d6538f Compare December 2, 2021 17:24
ericreeves
ericreeves approved these changes Dec 2, 2021
View reviewed changes
Copy link
Contributor

@ericreeves ericreeves left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

@agateblue
Copy link

When installing StackStorm through helm, I get the following error on the MongoDB container:

> kubectl logs -f -n stackstorm stackstorm-mongodb-0
Advertised Hostname: stackstorm-mongodb-0.stackstorm-mongodb-headless.stackstorm.svc.cluster.local
Pod name matches initial primary pod name, configuring node as a primary
mongodb 15:09:55.49 
mongodb 15:09:55.49 Welcome to the Bitnami mongodb container
mongodb 15:09:55.49 Subscribe to project updates by watching https://github.com/bitnami/bitnami-docker-mongodb
mongodb 15:09:55.49 Submit issues and feature requests at https://github.com/bitnami/bitnami-docker-mongodb/issues
mongodb 15:09:55.50 
mongodb 15:09:55.50 INFO  ==> ** Starting MongoDB setup **
mongodb 15:09:55.52 INFO  ==> Validating settings in MONGODB_* env vars...
mkdir: cannot create directory '/bitnami/mongodb/data': Permission denied

As far as I can tell, this is related to https://github.com/bitnami/bitnami-docker-mongodb/issues/177 and could be fixed if this merge request was merged :)

arm4b
arm4b approved these changes Dec 30, 2021
View reviewed changes
Copy link
Member

@arm4b arm4b left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @cognifloyd for the PR and @agateblue for additional heads up 👍

@cognifloyd cognifloyd merged commit fe9b3a5 into StackStorm:master Dec 30, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@arm4b arm4b arm4b approved these changes

@ericreeves ericreeves ericreeves approved these changes

Assignees

@cognifloyd cognifloyd

Labels
feature K8s size/L PR that changes 100-499 lines. Requires some effort to review.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@cognifloyd @agateblue @arm4b @ericreeves