Skip to content

Commit

Permalink
Add securityContexts in dagProcessor.logGroomerSidecar (apache#34499)
Browse files Browse the repository at this point in the history

---------

Co-authored-by: Elad Kalif <[email protected]>
  • Loading branch information
aldwyn and eladkal authored Nov 29, 2023
1 parent 6393b35 commit 92cc2ff
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 0 deletions.
2 changes: 2 additions & 0 deletions chart/templates/dag-processor/dag-processor-deployment.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@
{{- $revisionHistoryLimit := or .Values.dagProcessor.revisionHistoryLimit .Values.revisionHistoryLimit }}
{{- $securityContext := include "airflowPodSecurityContext" (list . .Values.dagProcessor) }}
{{- $containerSecurityContext := include "containerSecurityContext" (list . .Values.dagProcessor) }}
{{- $containerSecurityContextLogGroomerSidecar := include "containerSecurityContext" (list . .Values.dagProcessor.logGroomerSidecar) }}
{{- $containerSecurityContextWaitForMigrations := include "containerSecurityContext" (list . .Values.dagProcessor.waitForMigrations) }}
{{- $containerLifecycleHooks := or .Values.dagProcessor.containerLifecycleHooks .Values.containerLifecycleHooks }}
apiVersion: apps/v1
Expand Down Expand Up @@ -198,6 +199,7 @@ spec:
resources: {{- toYaml .Values.dagProcessor.logGroomerSidecar.resources | nindent 12 }}
image: {{ template "airflow_image" . }}
imagePullPolicy: {{ .Values.images.airflow.pullPolicy }}
securityContext: {{ $containerSecurityContextLogGroomerSidecar | nindent 12 }}
{{- if .Values.dagProcessor.logGroomerSidecar.command }}
command: {{ tpl (toYaml .Values.dagProcessor.logGroomerSidecar.command) . | nindent 12 }}
{{- end }}
Expand Down
2 changes: 2 additions & 0 deletions chart/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -1666,6 +1666,8 @@ dagProcessor:
# requests:
# cpu: 100m
# memory: 128Mi
securityContexts:
container: {}

waitForMigrations:
# Whether to create init container to wait for db migrations
Expand Down
2 changes: 2 additions & 0 deletions helm_tests/security/test_security_context.py
Original file line number Diff line number Diff line change
Expand Up @@ -322,10 +322,12 @@ def test_log_groomer_sidecar_container_setting(self):
values={
"scheduler": {**spec},
"workers": {**spec},
"dagProcessor": {**spec},
},
show_only=[
"templates/scheduler/scheduler-deployment.yaml",
"templates/workers/worker-deployment.yaml",
"templates/dag-processor/dag-processor-deployment.yaml",
],
)

Expand Down

0 comments on commit 92cc2ff

Please sign in to comment.