From a1fbddfc747d6133ca9f58b6560468d65b369c88 Mon Sep 17 00:00:00 2001
From: Peter Bacsko
Date: Thu, 28 Nov 2024 19:41:05 +0100
Subject: [PATCH 1/2] [YUNIKORN-2990] Add support for securityContext in the helm charts
---
 helm-charts/yunikorn/templates/deployment.yaml | 12 ++++++++++++
 helm-charts/yunikorn/values.yaml | 3 +++
 2 files changed, 15 insertions(+)
diff --git a/helm-charts/yunikorn/templates/deployment.yaml b/helm-charts/yunikorn/templates/deployment.yaml
index 2fbfe40..aecbbf3 100644
--- a/helm-charts/yunikorn/templates/deployment.yaml
+++ b/helm-charts/yunikorn/templates/deployment.yaml
@@ -49,6 +49,10 @@ spec:
 {{- toYaml . | nindent 8 }}
 {{- end }}
 spec:
+ {{- with .Values.podSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
 {{- if .Values.hostNetwork }}
 hostNetwork: true
 dnsPolicy: ClusterFirstWithHostNet
@@ -95,6 +99,10 @@ spec:
 fieldPath: metadata.namespace
 resources:
 {{- toYaml .Values.resources | nindent 12 }}
+ {{- with .Values.schedulerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
 {{- if .Values.enableWebService }}
 - name: yunikorn-scheduler-web
 image: "{{ .Values.web.image.repository }}:{{ .Values.web.image.tag }}"
@@ -105,4 +113,8 @@ spec:
 protocol: TCP
 resources:
 {{- toYaml .Values.web.resources | nindent 12 }}
+ {{- with .Values.webSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
 {{- end }}
diff --git a/helm-charts/yunikorn/values.yaml b/helm-charts/yunikorn/values.yaml
index 19a5127..7fa498a 100644
--- a/helm-charts/yunikorn/values.yaml
+++ b/helm-charts/yunikorn/values.yaml
@@ -128,3 +128,6 @@ enableWebService: true
 podLabels: {}
 podAnnotations: {}
+podSecurityContext: {}
+schedulerSecurityContext: {}
+webSecurityContext: {}
From 8c4e710eac710314c2ccd03cbb575a6aaecd599c Mon Sep 17 00:00:00 2001
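Review bot: `webSecurityContext` in the last hunk of deployment.yaml is read from the top level of the values, although the web container's other settings visible in these hunks sit under `.Values.web` (`.Values.web.image.repository`, `.Values.web.resources`); reading `{{- with .Values.web.securityContext }}` would keep that component's settings in one map. The two admission-controller hunks in PATCH 2/2 have the same shape: their neighbouring lines use `.Values.admissionController.hostNetwork` and `.Values.admissionController.resources.limits.cpu`, while the new keys are the top-level `admissionPodSecurityContext` and `admissionContainerSecurityContext`. Values keys are part of the chart's interface, so the layout is cheaper to settle now than to rename after a release. The container definitions these hunks edit start and end outside the hunks.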
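Review bot: The three keys added to values.yaml default to `{}` and carry no comment, so a default install renders no `securityContext` at all, and a reader cannot tell that `podSecurityContext` is rendered at pod level while `schedulerSecurityContext` and `webSecurityContext` are rendered at container level; fields such as `allowPrivilegeEscalation` and `capabilities` are only accepted at container level, so the distinction decides whether an override validates. I would add a comment above each key, for example `# Pod-level securityContext for the scheduler pod (e.g. runAsNonRoot, fsGroup, seccompProfile)` and `# Container-level securityContext for the scheduler container (e.g. allowPrivilegeEscalation, capabilities, readOnlyRootFilesystem)`. If the images are built to run unprivileged, which is not visible from this patch, a restrictive default such as `allowPrivilegeEscalation: false` with all capabilities dropped would be a safer starting point than `{}`. The same applies to the two admission keys added to values.yaml in PATCH 2/2.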
From: Peter Bacsko
Date: Wed, 4 Dec 2024 12:37:53 +0100
Subject: [PATCH 2/2] Include admission controller
---
 .../templates/admission-controller-deployment.yaml | 8 ++++++++
 helm-charts/yunikorn/values.yaml | 2 ++
 2 files changed, 10 insertions(+)
diff --git a/helm-charts/yunikorn/templates/admission-controller-deployment.yaml b/helm-charts/yunikorn/templates/admission-controller-deployment.yaml
index 6e08cce..9e9973c 100644
--- a/helm-charts/yunikorn/templates/admission-controller-deployment.yaml
+++ b/helm-charts/yunikorn/templates/admission-controller-deployment.yaml
@@ -51,6 +51,10 @@ spec:
 {{- toYaml . | nindent 8 }}
 {{- end }}
 spec:
+ {{- with .Values.admissionPodSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
 {{- if .Values.admissionController.hostNetwork }}
 hostNetwork: true
 dnsPolicy: ClusterFirstWithHostNet
@@ -88,6 +92,10 @@ spec:
 limits:
 cpu: {{ .Values.admissionController.resources.limits.cpu }}
 memory: {{ .Values.admissionController.resources.limits.memory }}
+ {{- with .Values.admissionContainerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 12 }}
+ {{- end }}
 volumeMounts:
 - name: admission-controller-secrets
 mountPath: /run/secrets/webhook
diff --git a/helm-charts/yunikorn/values.yaml b/helm-charts/yunikorn/values.yaml
index 7fa498a..f5a1b26 100644
--- a/helm-charts/yunikorn/values.yaml
+++ b/helm-charts/yunikorn/values.yaml
@@ -131,3 +131,5 @@ podAnnotations: {}
 podSecurityContext: {}
 schedulerSecurityContext: {}
 webSecurityContext: {}
+admissionPodSecurityContext: {}
+admissionContainerSecurityContext: {}