Make cleanup-leases security context configurable#587
Open
sirisaacnuketon wants to merge 1 commit intosigstore:mainfrom
Open
Make cleanup-leases security context configurable#587sirisaacnuketon wants to merge 1 commit intosigstore:mainfrom
sirisaacnuketon wants to merge 1 commit intosigstore:mainfrom
Conversation
sirisaacnuketon
force-pushed
the
feat/configurableSecurityContext
branch
from
5ee062e to
9c0675c
Compare
cpanato
requested changes
Aug 14, 2023
Member
cpanato
left a comment
cpanato
left a comment
There was a problem hiding this comment.
need rebase
and need to add the possible or sample values for the security context in a comment in the values.yaml for users to know what they can use
sirisaacnuketon
force-pushed
the
feat/configurableSecurityContext
branch
2 times, most recently
from
c32ccd6 to
de1e772
Compare
cpanato
reviewed
Aug 14, 2023
| - -c | ||
| - kubectl delete leases --all --ignore-not-found -n {{ .Release.Namespace }} | ||
| restartPolicy: OnFailure | ||
| {{- if .Values.leasescleanup.securityContext.enabled }} |
Member
There was a problem hiding this comment.
you might dont need the enabled variable, just to check if the object exists should be fine
Author
There was a problem hiding this comment.
I was trying to conform to the style used elsewhere in the helm chart, I'm happy to change it however if consistency isn't as important
hectorj2f
reviewed
Aug 14, 2023
hectorj2f
reviewed
Aug 14, 2023
sirisaacnuketon
force-pushed
the
feat/configurableSecurityContext
branch
2 times, most recently
from
4125424 to
3269ce5
Compare
hectorj2f
reviewed
Aug 18, 2023
hectorj2f
reviewed
Aug 18, 2023
hectorj2f
previously approved these changes
Aug 18, 2023
Contributor
hectorj2f
left a comment
hectorj2f
left a comment
There was a problem hiding this comment.
LGTM overall, just few minor changes.
cpanato
requested changes
Aug 18, 2023
Member
cpanato
left a comment
cpanato
left a comment
There was a problem hiding this comment.
please update the code to check Hector's comments
thank you!
The SecurityContext field for this job is currently static, however when deploying policy-controller into a namespace that uses Pod Security Admission controllers this job will not be able to run. Signed-off-by: Simon Witheridge <simon.witheridge@sainsburys.co.uk>
sirisaacnuketon
force-pushed
the
feat/configurableSecurityContext
branch
from
3269ce5 to
8ea867a
Compare
hectorj2f
approved these changes
Aug 21, 2023
bobcallaway
approved these changes
Sep 1, 2023
Contributor
|
@sirisaacnuketon Please, could you fix the conflicts? |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Description of the change
The SecurityContext field for this job is currently static, however when deploying policy-controller into a namespace that uses Pod Security Admission controllers this job will not be able to run.
This adds a new field to the values file that operates in a manner similar to the
securityContextoption for the webhook deployment.Existing or Associated Issue(s)
Additional Information
Checklist
Chart.yamlaccording to semver. Where applicable, update and bump the versions in any associated umbrella chartvalues.yamland added to the README.md. The helm-docs utility can be used to generate the necessary content. Usehelm-docs --dry-runto preview the content.ct lintcommand.