From 7b15e2a4ab0a51ea9bf9c6d4156497768e6810b1 Mon Sep 17 00:00:00 2001
From: Roman
Date: Tue, 27 Oct 2020 14:32:27 +0200
Subject: [PATCH] Add possibility to set securityContext for Kafka and Zookeeper containers (#473)
---
 charts/cp-kafka/templates/statefulset.yaml | 3 +++
 charts/cp-kafka/values.yaml | 7 +++++++
 charts/cp-zookeeper/templates/statefulset.yaml | 3 +++
 charts/cp-zookeeper/values.yaml | 9 ++++++++-
 4 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/charts/cp-kafka/templates/statefulset.yaml b/charts/cp-kafka/templates/statefulset.yaml
index c6aa5961..3417ddb8 100644
--- a/charts/cp-kafka/templates/statefulset.yaml
+++ b/charts/cp-kafka/templates/statefulset.yaml
@@ -81,6 +81,9 @@ spec:
 - name: {{ template "cp-kafka.name" . }}-broker
 image: "{{ .Values.image }}:{{ .Values.imageTag }}"
 imagePullPolicy: "{{ .Values.imagePullPolicy }}"
+ {{- if .Values.securityContext }}
+ securityContext: {{- toYaml .Values.securityContext | nindent 10 }}
+ {{- end }}
 ports:
 - containerPort: 9092
 name: kafka
diff --git a/charts/cp-kafka/values.yaml b/charts/cp-kafka/values.yaml
index 9ce6d7ec..8ef19d5c 100644
--- a/charts/cp-kafka/values.yaml
+++ b/charts/cp-kafka/values.yaml
@@ -32,6 +32,13 @@ podManagementPolicy: OrderedReady
 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
 updateStrategy: RollingUpdate
+# Security Context
+# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+# for Kafka container
+securityContext: {}
+ # runAsUser: 1000
+ # runAsGroup: 1000
+
 ## Kafka Server properties
 ## ref: https://kafka.apache.org/documentation/#configuration
 configurationOverrides:
diff --git a/charts/cp-zookeeper/templates/statefulset.yaml b/charts/cp-zookeeper/templates/statefulset.yaml
index 4ac9ab25..c43e7db9 100644
--- a/charts/cp-zookeeper/templates/statefulset.yaml
+++ b/charts/cp-zookeeper/templates/statefulset.yaml
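Review bot: The new `securityContext:` key is emitted inside the broker container entry, so `.Values.securityContext` is a container-level setting, yet neither the template nor the value name says so. Pod-level fields such as `fsGroup` are not valid at this level, and any other container in the pod (none is visible in this hunk) would not pick these settings up. I would add a template comment above the `if`, for example `{{- /* container-level securityContext for the broker only; pod-level fields such as fsGroup do not belong here */}}`. The value is passed through `toYaml` unchanged, so fields like `privileged` are rendered exactly as supplied, which is worth stating in the chart documentation. The same point applies to the identical hunk in charts/cp-zookeeper/templates/statefulset.yaml; the container definition continues outside both hunks.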
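Review bot: With the default `securityContext: {}` the template's `if` is false and nothing is rendered, so the Kafka container keeps whatever user and privileges the image defines, and the commented example only hints at `runAsUser`/`runAsGroup`. I would extend the commented example with the hardening fields an operator is most likely to want: `# runAsNonRoot: true`, `# allowPrivilegeEscalation: false` and `# capabilities: {drop: ["ALL"]}`. A one-line comment that a changed UID must be able to write the data volumes would also help, since that is presumably where a first attempt fails. On style, the new comment block uses a single `#` while the neighbouring sections use `##`. The same applies to the matching hunk in charts/cp-zookeeper/values.yaml.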
@@ -81,6 +81,9 @@ spec:
 - name: {{ template "cp-zookeeper.name" . }}-server
 image: "{{ .Values.image }}:{{ .Values.imageTag }}"
 imagePullPolicy: "{{ .Values.imagePullPolicy }}"
+ {{- if .Values.securityContext }}
+ securityContext: {{- toYaml .Values.securityContext | nindent 10 }}
+ {{- end }}
 ports:
 - containerPort: {{ .Values.clientPort }}
 name: client
diff --git a/charts/cp-zookeeper/values.yaml b/charts/cp-zookeeper/values.yaml
index f73f3401..be750875 100644
--- a/charts/cp-zookeeper/values.yaml
+++ b/charts/cp-zookeeper/values.yaml
@@ -21,7 +21,7 @@ imageTag: 5.5.0
 ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
 imagePullPolicy: IfNotPresent
-## Specify an array of imagePullSecrets.
+## Specify an array of imagePullSecrets.
 ## Secrets must be manually created in the namespace.
 ## ref: https://kubernetes.io/docs/concepts/containers/images/#specifying-imagepullsecrets-on-a-pod
 imagePullSecrets:
@@ -35,6 +35,13 @@ podManagementPolicy: OrderedReady
 ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
 updateStrategy: RollingUpdate
+# Security Context
+# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+# for Zookeeper container
+securityContext: {}
+ # runAsUser: 1000
+ # runAsGroup: 1000
+
 ## Zookeeper Configuration
 ## ref: https://zookeeper.apache.org/doc/r3.4.10/zookeeperAdmin.html#sc_configuration
 ## ref: https://docs.confluent.io/current/zookeeper/deployment.html#important-configuration-options