From a576eeb0ff98e4cab74daf5d16c94ecc653eac9a Mon Sep 17 00:00:00 2001 From: Gianni Carafa Date: Tue, 17 Oct 2023 10:59:17 +0200 Subject: [PATCH 1/2] make security context configurable Signed-off-by: Gianni Carafa --- charts/graphite/README.md | 3 ++- charts/graphite/templates/statefulset.yaml | 2 ++ charts/graphite/values.yaml | 10 ++++++++++ 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/charts/graphite/README.md b/charts/graphite/README.md index d79ea674..3ca1e8ed 100644 --- a/charts/graphite/README.md +++ b/charts/graphite/README.md @@ -37,7 +37,7 @@ The following table lists the configurable parameters of the Graphite chart and | Parameter | Description | Default | |--------------------------------|----------------------------------------------|----------------------------------------| | `image.repository` | Docker image repo | `graphiteapp/graphite-statsd` | -| `image.tag` | Docker image | `1.1.5-4` | +| `image.tag` | Docker image | `1.1.5-4` | | `image.pullPolicy` | Docker image pull policy | `IfNotPresent` | | `service.type` | Service type | `ClusterIP` | | `service.port` | Service port of Graphite UI | `8080` | @@ -49,6 +49,7 @@ The following table lists the configurable parameters of the Graphite chart and | `persistence.accessMode` | PVC Access Mode for config volume | `ReadWriteOnce` | | `persistence.size` | PVC Storage Request for config volume | `10Gi` | | `resources` | Resource limits for Graphite pod | `{}` | +| `securityContext` | SecurityContext for Graphite pod | `{}` | | `ingress.enabled` | Ingress enabled | `false` | | `ingress.annotations` | Ingress annotations | `{}` | | `ingress.path` | Ingress path | `/` | diff --git a/charts/graphite/templates/statefulset.yaml b/charts/graphite/templates/statefulset.yaml index deda1508..f1bbb00e 100644 --- a/charts/graphite/templates/statefulset.yaml +++ b/charts/graphite/templates/statefulset.yaml 
@@ -82,6 +82,8 @@ spec: mountPath: /opt/statsd/config/udp.js - name: {{ template "graphite.fullname" . }}-pvc mountPath: /opt/graphite/storage/ + securityContext: +{{ toYaml .Values.securityContext | indent 10 }} volumes: - name: {{ template "graphite.fullname" . }}-configmap configMap: diff --git a/charts/graphite/values.yaml b/charts/graphite/values.yaml index 667e71d1..be413d75 100644 --- a/charts/graphite/values.yaml +++ b/charts/graphite/values.yaml @@ -56,6 +56,16 @@ resources: {} # cpu: 200m # memory: 512Mi +securityContext: {} + # runAsNonRoot: true + # runAsUser: 1000 + # runAsGroup: 1000 + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + # privileged: false + nodeSelector: {} tolerations: [] From a81ba75a6f683a176849b2da73d6dbfda0546e5c Mon Sep 17 00:00:00 2001 From: Gianni Carafa Date: Tue, 17 Oct 2023 11:13:11 +0200 Subject: [PATCH 2/2] Bumped Graphite Chart Version Signed-off-by: Gianni Carafa --- charts/graphite/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/graphite/Chart.yaml b/charts/graphite/Chart.yaml index 5991db15..a2e7279b 100644 --- a/charts/graphite/Chart.yaml +++ b/charts/graphite/Chart.yaml @@ -1,5 +1,5 @@ apiVersion: v2 -version: 2.0.0 +version: 2.1.0 appVersion: "1.1.10-3" description: Graphite metrics server name: graphite
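
Review bot: In the first hunk of charts/graphite/README.md, the `image.tag` row is removed and re-added with the same visible content, which looks like a whitespace-only change unrelated to the security context. Drop it from this patch. If the row is touched anyway, check the documented default `1.1.5-4` against values.yaml, since Chart.yaml in this series shows appVersion `1.1.10-3`.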
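
Review bot: The new README row describes `securityContext` as "SecurityContext for Graphite pod", but the sample fields in values.yaml (`allowPrivilegeEscalation`, `capabilities`, `privileged`) are valid only in a container-level securityContext, not a pod-level one. The description should say explicitly which level the template renders this value at, so users do not put pod-only fields such as `fsGroup` here or expect the container-only fields to be accepted at pod level.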
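
Review bot: In charts/graphite/templates/statefulset.yaml, `securityContext:` is emitted unconditionally and its body depends on a hard-coded `indent 10` that has to stay deeper than the key's own indentation. Wrapping the block in `{{- with .Values.securityContext }}` ... `{{- end }}` and rendering the body with `toYaml . | nindent` would omit the key when the value is empty and keep key and body aligned in one place. Rendering the chart with `helm template` and a non-empty `securityContext` would confirm the fields nest under the key rather than beside it.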
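
Review bot: The commented sample under `securityContext` in charts/graphite/values.yaml suggests `runAsNonRoot: true` with `runAsUser: 1000`, yet the series exposes no pod-level setting such as `fsGroup`, and the StatefulSet mounts the PVC at `/opt/graphite/storage/`, so a non-root UID may not be able to write to that volume. Consider a separate pod-level value (a `podSecurityContext` key would be one option) or a comment stating that the sample has to be validated against the image before use. With the default left at `{}`, the chart also ships without any of these restrictions applied, which is worth stating in the README so operators know hardening is opt-in.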