fix podLabels & initContainer securityContext (#136)
Signed-off-by: André Bauer <[email protected]>

Signed-off-by: André Bauer <[email protected]>
monotek authored Nov 30, 2022
1 parent cb6249f commit a6ef6e3
Showing 5 changed files with 33 additions and 18 deletions.
6 changes: 6 additions & 0 deletions .github/PULL_REQUEST_TEMPLATE.md
Expand Up @@ -26,8 +26,12 @@ We would like these checks to pass before we even continue reviewing your change
-->
# Which chart

- .

# What this PR does / why we need it

- .

# Which issue this PR fixes

*(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close that issue when PR gets merged)*
Expand All @@ -36,6 +40,8 @@ We would like these checks to pass before we even continue reviewing your change

# Special notes for your reviewer

- .

# Checklist
<!-- [Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.] -->
- [ ] [DCO](https://github.com/kokuwaio/helm-charts/blob/main/CONTRIBUTING.md#sign-off-your-work) signed
20 changes: 10 additions & 10 deletions .github/workflows/ci.yaml
Expand Up @@ -6,12 +6,12 @@ on:
- 'charts/**/**'

env:
helm-version: "v3.10.0"
helm-version: "v3.10.2"
kubeval-version: "v0.16.1"

jobs:
lint-chart:
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v3
Expand All @@ -30,7 +30,7 @@ jobs:
run: ct lint --config .github/ct.yaml

super-linter:
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04
steps:
- name: Checkout Code
uses: actions/checkout@v3
Expand All @@ -47,15 +47,15 @@ jobs:
VALIDATE_YAML: false

kubeval-chart:
runs-on: ubuntu-20.04
runs-on: ubuntu-22.04
needs:
- lint-chart
strategy:
matrix:
k8s:
- v1.21.10
- v1.22.7
- v1.23.5
- v1.23.13
- v1.24.7
- v1.25.3
steps:
- name: Checkout
uses: actions/checkout@v3
Expand All @@ -79,9 +79,9 @@ jobs:
strategy:
matrix:
k8s:
- v1.21.10
- v1.22.7
- v1.23.5
- v1.23.13
- v1.24.7
- v1.25.3
steps:
- name: Checkout
uses: actions/checkout@v3
2 changes: 1 addition & 1 deletion charts/visual-regression-tracker/Chart.yaml
Expand Up @@ -6,7 +6,7 @@ sources:
- https://github.com/Visual-Regression-Tracker/Visual-Regression-Tracker
- https://github.com/kokuwaio/helm-charts/tree/main/charts/visual-regression-tracker
type: application
version: 1.0.0
version: 1.1.0
appVersion: "4.20.5"
maintainers:
- name: monotek
16 changes: 9 additions & 7 deletions charts/visual-regression-tracker/templates/statefulset.yaml
Expand Up @@ -18,7 +18,7 @@ spec:
{{- end }}
labels:
{{- include "visual-regression-tracker.selectorLabels" . | nindent 8 }}
{{- with .Values.podLables }}
{{- with .Values.podLabels }}
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
Expand Down Expand Up @@ -47,12 +47,12 @@ spec:
value: "{{ .Values.vrtConfig.postgresql.user }}"
- name: DATABASE_URL
value: "postgresql://$(POSTGRES_USER):$(POSTGRES_PASSWORD)@$(POSTGRES_HOST):$(POSTGRES_PORT)/$(POSTGRES_DB)"
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.vrtComponents.migration.image.repository }}:{{ .Values.vrtComponents.migration.image.tag }}"
imagePullPolicy: {{ .Values.vrtComponents.migration.image.pullPolicy }}
resources:
{{- toYaml .Values.vrtComponents.migration.resources | nindent 12 }}
securityContext:
{{- toYaml .Values.vrtComponents.migration.initSecurityContext | nindent 12 }}
containers:
- name: {{ .Chart.Name }}-api
env:
Expand Down Expand Up @@ -93,15 +93,14 @@ spec:
value: "{{ .Values.vrtConfig.postgresql.user }}"
- name: DATABASE_URL
value: "postgresql://$(POSTGRES_USER):$(POSTGRES_PASSWORD)@$(POSTGRES_HOST):$(POSTGRES_PORT)/$(POSTGRES_DB)"
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.vrtComponents.api.image.repository }}:{{ .Values.vrtComponents.api.image.tag }}"
imagePullPolicy: {{ .Values.vrtComponents.api.image.pullPolicy }}
ports:
- name: api
containerPort: 3000
protocol: TCP
livenessProbe:
failureThreshold: 10
httpGet:
path: /health
port: api
Expand All @@ -111,6 +110,8 @@ spec:
port: api
resources:
{{- toYaml .Values.vrtComponents.api.resources | nindent 12 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
volumeMounts:
- name: {{ template "visual-regression-tracker.fullname" . }}
mountPath: /imageUploads
Expand All @@ -120,15 +121,14 @@ spec:
value: "{{ .Values.vrtConfig.reactAppApiUrl }}"
- name: VRT_VERSION
value: "{{ .Chart.AppVersion }}"
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.vrtComponents.ui.image.repository }}:{{ .Values.vrtComponents.ui.image.tag }}"
imagePullPolicy: {{ .Values.vrtComponents.ui.image.pullPolicy }}
ports:
- name: http
containerPort: 8080
protocol: TCP
livenessProbe:
failureThreshold: 10
httpGet:
path: /
port: http
Expand All @@ -138,6 +138,8 @@ spec:
port: http
resources:
{{- toYaml .Values.vrtComponents.ui.resources | nindent 12 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
volumeMounts:
- name: {{ template "visual-regression-tracker.fullname" . }}
mountPath: /usr/share/nginx/html/static/imageUploads
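Review bot: The migration init container (hunk at -47,12) now renders only `.Values.vrtComponents.migration.initSecurityContext` and no longer `.Values.securityContext`, so hardening an operator has already put in `securityContext` silently stops applying to that container when they upgrade to this chart version. If the split is deliberate (presumably the migration needs settings the api and ui containers do not, which is not visible here), state it next to the block, e.g. `{{- /* migration uses its own context; .Values.securityContext covers api and ui only */ -}}`, and mention it in the release notes so operators re-check the rendered init container. The container definition starts above the hunk, so whether a pod-level securityContext still covers it cannot be confirmed from these lines.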
7 changes: 7 additions & 0 deletions charts/visual-regression-tracker/values.yaml
Expand Up @@ -84,6 +84,13 @@ vrtComponents:

imagePullSecrets: []

initSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false

resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
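Review bot: The new `initSecurityContext` block has no comment saying which container it configures; a line above it such as `# securityContext of the migration init container; api and ui use the top-level securityContext` would make the split discoverable from values.yaml. The defaults drop all capabilities and disable privilege escalation but leave `runAsNonRoot` and `seccompProfile` unset, so depending on the image the migration may still run as root. If the migration image supports it (not visible here), adding `runAsNonRoot: true` and `seccompProfile: {type: RuntimeDefault}` would bring the default in line with the Pod Security Standards restricted profile.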
