-
Notifications
You must be signed in to change notification settings - Fork 16.9k
[stable/datadog] Add options to set pod and container securityContext #17274
Conversation
Signed-off-by: Corey O'Brien <corey@fairwinds.com>
[APPROVALNOTIFIER] This PR is NOT APPROVED This pull-request has been approved by: coreypobrien The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Hi @coreypobrien. Thanks for your PR. I'm waiting for a helm member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/assign @clamoriniere @xlucas |
Signed-off-by: Corey O'Brien <corey@fairwinds.com>
Signed-off-by: Corey O'Brien <corey@fairwinds.com>
@hkaj @irabinovitch @CharlyF @mfpierre @clamoriniere @xlucas |
Signed-off-by: Corey O'Brien <corey@fairwinds.com>
Hey @coreypobrien - Sorry for the delay, and thanks for the PR! Best, |
Thanks for the update @CharlyF . Does that mean this won't be merged? |
This seems like a reasonable implementation, I have to double check with the team to confirm how to best integrate your change in this chart (or the new one). |
Sounds good. Is there a branch somewhere you're working on where I could take a look and help with anything? |
Hey @coreypobrien - I wanted to circle back on this. Best, |
The original use case was that, but when I started down the path I realized there were a lot of other security settings that users focused on that would want to use like My specific desires to to reduce privileges for places that the agent needs less permissions like when it is in cluster-agent or cluster-check or apm-only mode. |
@coreypobrien I see, thank you for clarifying. |
/ok-to-test |
@coreypobrien: The following test failed, say
Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions. |
@coreypobrien |
Also @coreypobrien if you can please address my comment: #17274 (comment) |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions. |
/remove-lifecycle stale |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions. |
This issue is being automatically closed due to inactivity. |
Hi @coreypobrien |
Merged in DataDog/helm-charts#83. |
Is this a new chart: Nope
What this PR does / why we need it: Adds options to specify securityContext settings for both pods and containers to handle special capabilities or more stringent security policies.
Which issue this PR fixes
Special notes for your reviewer: There is kind of a mixed nomenclature for the settings for various containers and pods because some are reused and some settings aren't mirrored everywhere. I tried to follow the existing naming instead of renaming everything.
Checklist
[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]
[stable/chart]
)