Make cleanup-leases security context configurable #587
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
sirisaacnuketon
force-pushed
the
feat/configurableSecurityContext
branch
from
5ee062e
to
9c0675c
Compare
cpanato
requested changes
Aug 14, 2023
sirisaacnuketon
force-pushed
the
feat/configurableSecurityContext
branch
2 times, most recently
from
c32ccd6
to
de1e772
Compare
cpanato
reviewed
Aug 14, 2023
| @@ -25,6 +25,12 @@ spec: | |||
| - -c | |||
| - kubectl delete leases --all --ignore-not-found -n {{ .Release.Namespace }} | |||
| restartPolicy: OnFailure | |||
| {{- if .Values.leasescleanup.securityContext.enabled }} | |||
There was a problem hiding this comment.
you might dont need the enabled variable, just to check if the object exists should be fine
There was a problem hiding this comment.
I was trying to conform to the style used elsewhere in the helm chart, I'm happy to change it however if consistency isn't as important
hectorj2f
reviewed
Aug 14, 2023
hectorj2f
reviewed
Aug 14, 2023
sirisaacnuketon
force-pushed
the
feat/configurableSecurityContext
branch
2 times, most recently
from
4125424
to
3269ce5
Compare
hectorj2f
reviewed
Aug 18, 2023
hectorj2f
reviewed
Aug 18, 2023
hectorj2f
previously approved these changes
Aug 18, 2023
cpanato
requested changes
Aug 18, 2023
The SecurityContext field for this job is currently static, however when deploying policy-controller into a namespace that uses Pod Security Admission controllers this job will not be able to run. Signed-off-by: Simon Witheridge <[email protected]>
sirisaacnuketon
force-pushed
the
feat/configurableSecurityContext
branch
from
3269ce5
to
8ea867a
Compare
hectorj2f
approved these changes
Aug 21, 2023
bobcallaway
approved these changes
Sep 1, 2023
|
@sirisaacnuketon Please, could you fix the conflicts? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description of the change
The SecurityContext field for this job is currently static, however when deploying policy-controller into a namespace that uses Pod Security Admission controllers this job will not be able to run.
This adds a new field to the values file that operates in a manner similar to the
securityContextoption for the webhook deployment.Existing or Associated Issue(s)
Additional Information
Checklist
Chart.yamlaccording to semver. Where applicable, update and bump the versions in any associated umbrella chartvalues.yamland added to the README.md. The helm-docs utility can be used to generate the necessary content. Usehelm-docs --dry-runto preview the content.ct lintcommand.