Currently there is a ContainerSecurityContext option in the main values file. It is expected that this is applied to all containers deployed with the gateway helm chart. However it is only applied to the deployment template and the pm-tagger-deployment template (which also seems bugged). Before I would patch this with using kustomize as a post renderer but with this particular job that is not possible since it's a post-install,post-upgrade helm job.
Benefits
You will be able to set the containerSecurityContext to meet your kubernetes cluster's security requirements and run the job.
Drawbacks
No drawbacks since it is optional.
Applicable issues
fixes #
Additional information
Currently I cannot use the otk-install job since our cluster has Polaris running which blocks any containers without a specific SecurityContext defined.
Checklist
[] Chart version bumped in Chart.yaml according to semver.
[] Variables are documented in the README.md
[x] Title of the PR starts with chart name (e.g. [charts/gateway])
[] If the chart contains a values-production.yaml apart from values.yaml, ensure that you implement the changes in both files
Description of the change
Currently there is a ContainerSecurityContext option in the main values file. It is expected that this is applied to all containers deployed with the gateway helm chart. However it is only applied to the deployment template and the pm-tagger-deployment template (which also seems bugged). Before I would patch this with using kustomize as a post renderer but with this particular job that is not possible since it's a post-install,post-upgrade helm job.
Benefits
You will be able to set the containerSecurityContext to meet your kubernetes cluster's security requirements and run the job.
Drawbacks
No drawbacks since it is optional.
Applicable issues
Additional information Currently I cannot use the otk-install job since our cluster has Polaris running which blocks any containers without a specific SecurityContext defined.
Checklist
Chart.yaml
according to semver.[charts/gateway]
)values-production.yaml
apart fromvalues.yaml
, ensure that you implement the changes in both files