Add possibility to set securityContext for Kafka and Zookeeper contai…

…ners (#473)
confluentinc · Oct 27, 2020 · 7b15e2a · 7b15e2a
1 parent 3434a1e
commit 7b15e2a
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 1 deletion.
diff --git a/charts/cp-kafka/templates/statefulset.yaml b/charts/cp-kafka/templates/statefulset.yaml
@@ -81,6 +81,9 @@ spec:
       - name: {{ template "cp-kafka.name" . }}-broker
         image: "{{ .Values.image }}:{{ .Values.imageTag }}"
         imagePullPolicy: "{{ .Values.imagePullPolicy }}"
+        {{- if .Values.securityContext }}
+        securityContext: {{- toYaml .Values.securityContext | nindent 10 }}
+        {{- end }}
         ports:
         - containerPort: 9092
           name: kafka

diff --git a/charts/cp-kafka/values.yaml b/charts/cp-kafka/values.yaml
@@ -32,6 +32,13 @@ podManagementPolicy: OrderedReady
 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
 updateStrategy: RollingUpdate
 
+# Security Context
+# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+# for Kafka container
+securityContext: {}
+  #  runAsUser: 1000
+  #  runAsGroup: 1000
+
 ## Kafka Server properties
 ## ref: https://kafka.apache.org/documentation/#configuration
 configurationOverrides:

diff --git a/charts/cp-zookeeper/templates/statefulset.yaml b/charts/cp-zookeeper/templates/statefulset.yaml
@@ -81,6 +81,9 @@ spec:
       - name: {{ template "cp-zookeeper.name" . }}-server
         image: "{{ .Values.image }}:{{ .Values.imageTag }}"
         imagePullPolicy: "{{ .Values.imagePullPolicy }}"
+        {{- if .Values.securityContext }}
+        securityContext: {{- toYaml .Values.securityContext | nindent 10 }}
+        {{- end }}
         ports:
         - containerPort: {{ .Values.clientPort }}
           name: client

diff --git a/charts/cp-zookeeper/values.yaml b/charts/cp-zookeeper/values.yaml
@@ -21,7 +21,7 @@ imageTag: 5.5.0
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
 imagePullPolicy: IfNotPresent
 
-## Specify an array of imagePullSecrets. 
+## Specify an array of imagePullSecrets.
 ## Secrets must be manually created in the namespace.
 ## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
 imagePullSecrets:
@@ -35,6 +35,13 @@ podManagementPolicy: OrderedReady
 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
 updateStrategy: RollingUpdate
 
+# Security Context
+# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+# for Zookeeper container
+securityContext: {}
+  #  runAsUser: 1000
+  #  runAsGroup: 1000
+
 ## Zookeeper Configuration
 ## ref: https://zookeeper.apache.org/doc/r3.4.10/zookeeperAdmin.html#sc_configuration
 ## ref: https://docs.confluent.io/current/zookeeper/deployment.html#important-configuration-options