Skip to content

Commit

Permalink
feat: Move pod security context to manager
Browse files Browse the repository at this point in the history
  • Loading branch information
@gonmmarques
gonmmarques committed Nov 4, 2024
1 parent e61e491 commit d3cfefd
Show file tree
Hide file tree
Showing 4 changed files with 19 additions and 10 deletions.
4 changes: 3 additions & 1 deletion charts/k6-operator/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ Kubernetes: `>=1.16.0-0`
| global.image.pullSecrets | list | `[]` | Optional set of global image pull secrets |
| global.image.registry | string | `""` | Global image registry to use if it needs to be overridden for some specific use cases (e.g local registries, custom images, ...) |
| installCRDs | bool | `true` | Installs CRDs as part of the release |
| manager | object | `{"containerSecurityContext":{},"env":[],"envFrom":[],"image":{"pullPolicy":"IfNotPresent","registry":"ghcr.io","repository":"grafana/k6-operator","tag":"controller-v0.0.17"},"livenessProbe":{},"readinessProbe":{},"replicas":1,"resources":{"limits":{"cpu":"100m","memory":"100Mi"},"requests":{"cpu":"100m","memory":"50Mi"}},"serviceAccount":{"create":true,"name":"k6-operator-controller"}}` | controller-manager configuration |
| manager | object | `{"containerSecurityContext":{},"env":[],"envFrom":[],"image":{"pullPolicy":"IfNotPresent","registry":"ghcr.io","repository":"grafana/k6-operator","tag":"controller-v0.0.17"},"livenessProbe":{},"podSecurityContext":{},"readinessProbe":{},"replicas":1,"resources":{"limits":{"cpu":"100m","memory":"100Mi"},"requests":{"cpu":"100m","memory":"50Mi"}},"serviceAccount":{"create":true,"name":"k6-operator-controller"}}` | controller-manager configuration |
| manager.containerSecurityContext | object | `{}` | A security context defines privileges and access control settings for the container. |
| manager.env | list | `[]` | List of environment variables to set in the controller |
| manager.envFrom | list | `[]` | List of sources to populate environment variables in the controller |
Expand All @@ -49,6 +49,7 @@ Kubernetes: `>=1.16.0-0`
| manager.image.repository | string | `"grafana/k6-operator"` | controller-manager image repository |
| manager.image.tag | string | `"controller-v0.0.17"` | controller-manager image tag |
| manager.livenessProbe | object | `{}` | Liveness probe in Probe format |
| manager.podSecurityContext | object | `{}` | A security context defines privileges and access control settings for a Pod |
| manager.readinessProbe | object | `{}` | Readiness probe in Probe format |
| manager.replicas | int | `1` | number of controller-manager replicas (default: 1) |
| manager.resources | object | `{"limits":{"cpu":"100m","memory":"100Mi"},"requests":{"cpu":"100m","memory":"50Mi"}}` | controller-manager Resources definition |
Expand All @@ -67,3 +68,4 @@ Kubernetes: `>=1.16.0-0`
| podLabels | object | `{}` | Custom Label to be applied on all pods |
| prometheus.enabled | bool | `false` | enables the prometheus metrics scraping (default: false) |
| tolerations | list | `[]` | Tolerations to be applied on all containers |

4 changes: 2 additions & 2 deletions charts/k6-operator/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -26,9 +26,9 @@ spec:
{{- include "k6-operator.podAnnotations" . | default "" | nindent 8 }}
{{- end }}
spec:
{{- if .Values.global.podSecurityContext }}
{{- if .Values.manager.podSecurityContext }}
securityContext:
{{- toYaml .Values.global.podSecurityContext | nindent 8 }}
{{- toYaml .Values.manager.podSecurityContext | nindent 8 }}
{{- end }}
containers:
- name: manager
Expand Down
6 changes: 6 additions & 0 deletions charts/k6-operator/values.schema.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -179,6 +179,12 @@
"title": "livenessProbe",
"type": "object"
},
"podSecurityContext": {
"additionalProperties": true,
"description": "manager.podSecurityContext -- A security context defines privileges and access control settings for a Pod",
"title": "podSecurityContext",
"type": "object"
},
"readinessProbe": {
"additionalProperties": true,
"description": "manager.readinessProbe -- Readiness probe in Probe format",
Expand Down
15 changes: 8 additions & 7 deletions charts/k6-operator/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,13 +23,6 @@ global:
# global.image.pullSecrets -- Optional set of global image pull secrets
pullSecrets: []

# @schema
# required: false
# type: object
# @schema
# global.podSecurityContext -- A security context defines privileges and access control settings for a Pod
podSecurityContext: {}

# @schema
# additionalProperties: true
# required: false
Expand Down Expand Up @@ -331,3 +324,11 @@ manager:
# @schema
# manager.containerSecurityContext -- A security context defines privileges and access control settings for the container.
containerSecurityContext: {}

# @schema
# additionalProperties: true
# required: false
# type: object
# @schema
# manager.podSecurityContext -- A security context defines privileges and access control settings for a Pod
podSecurityContext: {}

Check failure on line 334 in charts/k6-operator/values.yaml

View workflow job for this annotation

GitHub Actions / lint 

334:25 [new-line-at-end-of-file] no new line character at the end of file

0 comments on commit d3cfefd

Please sign in to comment.