Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[jaeger] define securityContext for each resources #527

Open
wants to merge 7 commits into
base: main
Choose a base branch
from
Open

[jaeger] define securityContext for each resources #527

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
7adbb13
define securityContext for each resources
eumel8 Dec 17, 2023
4053724
bump version jaeger chart
eumel8 Dec 17, 2023
0bec974
fix unused values
eumel8 Jan 3, 2024
a8c5f62
fix merge conflict
eumel8 Jan 3, 2024
35c5524
revert missing resources values
eumel8 Jan 3, 2024
fc83275
remove duplicated resources values
eumel8 Jan 3, 2024
3ebbbff
Merge branch 'main' into feat/globalsecurity
pavelnikolov Apr 23, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion charts/jaeger/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@ appVersion: 1.53.0
description: A Jaeger Helm chart for Kubernetes
name: jaeger
type: application
version: 3.0.2
version: 3.1.0
# CronJobs require v1.21
kubeVersion: ">= 1.21-0"
keywords:
Expand All @@ -14,6 +14,7 @@ keywords:
home: https://jaegertracing.io
icon: https://camo.githubusercontent.com/afa87494e0753b4b1f5719a2f35aa5263859dffb/687474703a2f2f6a61656765722e72656164746865646f63732e696f2f656e2f6c61746573742f696d616765732f6a61656765722d766563746f722e737667
sources:
- https://github.com/jaegertracing/helm-charts
- https://hub.docker.com/u/jaegertracing/
maintainers:
- name: dvonthenen
Expand Down
20 changes: 15 additions & 5 deletions charts/jaeger/templates/agent-ds.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,8 +32,6 @@ spec:
{{- toYaml .Values.agent.podLabels | nindent 8 }}
{{- end }}
spec:
securityContext:
{{- toYaml .Values.agent.podSecurityContext | nindent 8 }}
{{- if .Values.agent.useHostNetwork }}
hostNetwork: true
{{- end }}
Expand All @@ -49,8 +47,6 @@ spec:
{{- end}}
containers:
- name: {{ template "jaeger.agent.name" . }}
securityContext:
{{- toYaml .Values.agent.securityContext | nindent 10 }}
image: {{ include "agent.image" . }}
imagePullPolicy: {{ .Values.agent.image.pullPolicy }}
args:
Expand Down Expand Up @@ -102,8 +98,15 @@ spec:
httpGet:
path: /
port: admin
{{- if .Values.agent.resources }}
resources:
{{- toYaml .Values.agent.resources | nindent 10 }}
{{- toYaml .Values.agent.resources | nindent 10 }}
{{- end }}
{{- if or (.Values.agent.securityContext) (.Values.securityContext) }}
securityContext:
{{- merge .Values.securityContext .Values.agent.securityContext | toYaml | nindent 10 }}
{{- end }}
{{- if or (.Values.agent.extraConfigmapMounts) (.Values.agent.extraSecretMounts) }}
volumeMounts:
{{- range .Values.agent.extraConfigmapMounts }}
- name: {{ .name }}
Expand All @@ -117,6 +120,12 @@ spec:
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- end }}
{{- if or (.Values.agent.podSecurityContext) (.Values.podSecurityContext) }}
securityContext:
{{- merge .Values.podSecurityContext .Values.agent.podSecurityContext | toYaml | nindent 8 }}
{{- end }}
{{- if or (.Values.agent.extraConfigmapMounts) (.Values.agent.extraSecretMounts) }}
volumes:
{{- range .Values.agent.extraConfigmapMounts }}
- name: {{ .name }}
Expand All @@ -128,6 +137,7 @@ spec:
secret:
secretName: {{ .secretName }}
{{- end }}
{{- end }}
{{- with .Values.agent.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
Expand Down
30 changes: 19 additions & 11 deletions charts/jaeger/templates/allinone-deploy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,16 +98,21 @@ spec:
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
{{- with .Values.allInOne.resources }}
{{- with .Values.allInOne.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
{{- if or (.Values.allInOne.securityContext) (.Values.securityContext) }}
securityContext:
{{- merge .Values.securityContext .Values.allInOne.securityContext | toYaml | nindent 12 }}
{{- end }}
{{- if or (.Values.allInOne.samplingConfig) (.Values.allInOne.extraSecretMounts) }}
volumeMounts:
{{- if not .Values.storage.badger.ephemeral }}
- name: badger-data
mountPath: {{ .Values.storage.badger.persistence.mountPath }}
{{- end }}
{{- if .Values.allInOne.samplingConfig}}
{{- if .Values.allInOne.samplingConfig }}
- name: strategies
mountPath: /etc/conf/
{{- end }}
Expand All @@ -117,11 +122,13 @@ spec:
subPath: {{ .subPath }}
readOnly: {{ .readOnly }}
{{- end }}
{{- end }}
{{- if or (.Values.allInOne.podSecurityContext) (.Values.podSecurityContext) }}
securityContext:
runAsUser: 10001
runAsGroup: 10001
fsGroup: 10001
{{- merge .Values.podSecurityContext .Values.allInOne.podSecurityContext | toYaml | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "jaeger.fullname" . }}
{{- if or (.Values.allInOne.samplingConfig) (.Values.allInOne.extraSecretMounts)}}
volumes:
{{- if not .Values.storage.badger.ephemeral }}
- name: badger-data
Expand All @@ -132,14 +139,15 @@ spec:
- name: strategies
configMap:
name: {{ include "jaeger.fullname" . }}-sampling-strategies
{{- end }}
{{- range .Values.allInOne.extraSecretMounts }}
{{- end }}
{{- range .Values.allInOne.extraSecretMounts }}
- name: {{ .name }}
secret:
secretName: {{ .secretName }}
{{- end }}
{{- with .Values.allInOne.nodeSelector }}
{{- end }}
{{- end }}
{{- with .Values.allInOne.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
{{- end -}}
20 changes: 15 additions & 5 deletions charts/jaeger/templates/cassandra-schema-job.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,16 +26,12 @@ spec:
{{- toYaml .Values.schema.podLabels | nindent 8 }}
{{- end }}
spec:
securityContext:
{{- toYaml .Values.schema.podSecurityContext | nindent 8 }}
serviceAccountName: {{ template "jaeger.cassandraSchema.serviceAccountName" . }}
{{- include "schema.imagePullSecrets" . | nindent 6 }}
containers:
- name: {{ include "jaeger.fullname" . }}-cassandra-schema
image: {{ include "schema.image" . }}
imagePullPolicy: {{ .Values.schema.image.pullPolicy }}
securityContext:
{{- toYaml .Values.schema.securityContext | nindent 10 }}
env:
{{- if .Values.schema.extraEnv }}
{{- toYaml .Values.schema.extraEnv | nindent 10 }}
Expand All @@ -57,8 +53,15 @@ spec:
- name: KEYSPACE
value: {{ .Values.storage.cassandra.keyspace }}
{{- end }}
{{- if .Values.schema.resources }}
resources:
{{- toYaml .Values.schema.resources | nindent 10 }}
{{- toYaml .Values.schema.resources | nindent 10 }}
{{- end }}
{{- if or (.Values.schema.podSecurityContext) (.Values.podSecurityContext) }}
securityContext:
{{- merge .Values.podSecurityContext .Values.schema.podSecurityContext | toYaml | nindent 10 }}
{{- end }}
{{- if or (.Values.schema.extraConfigmapMounts) (.Values.storage.cassandra.tls.enabled) }}
volumeMounts:
{{- range .Values.schema.extraConfigmapMounts }}
- name: {{ .name }}
Expand All @@ -84,7 +87,13 @@ spec:
subPath: "cqlshrc"
readOnly: true
{{- end }}
{{- end }}
restartPolicy: OnFailure
{{- if or (.Values.schema.podSecurityContext) (.Values.podSecurityContext) }}
securityContext:
{{- merge .Values.podSecurityContext .Values.schema.podSecurityContext | toYaml | nindent 8 }}
{{- end }}
{{- if or (.Values.schema.extraConfigmapMounts) (.Values.storage.cassandra.tls.enabled) }}
volumes:
{{- range .Values.schema.extraConfigmapMounts }}
- name: {{ .name }}
Expand All @@ -96,6 +105,7 @@ spec:
secret:
secretName: {{ .Values.storage.cassandra.tls.secretName }}
{{- end }}
{{- end }}
{{- end -}}
{{- end -}}
{{- end -}}
20 changes: 15 additions & 5 deletions charts/jaeger/templates/collector-deploy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -35,8 +35,6 @@ spec:
{{- with .Values.collector.priorityClassName }}
priorityClassName: {{ . }}
{{- end }}
securityContext:
{{- toYaml .Values.collector.podSecurityContext | nindent 8 }}
serviceAccountName: {{ template "jaeger.collector.serviceAccountName" . }}
{{- include "collector.imagePullSecrets" . | nindent 6 }}
{{- if .Values.collector.initContainers }}
Expand All @@ -45,8 +43,6 @@ spec:
{{- end}}
containers:
- name: {{ template "jaeger.collector.name" . }}
securityContext:
{{- toYaml .Values.collector.securityContext | nindent 10 }}
image: {{ include "collector.image" . }}
imagePullPolicy: {{ .Values.collector.image.pullPolicy }}
args:
Expand Down Expand Up @@ -133,8 +129,15 @@ spec:
httpGet:
path: /
port: admin
{{- if .Values.collector.resources }}
resources:
{{- toYaml .Values.collector.resources | nindent 10 }}
{{- toYaml .Values.collector.resources | nindent 10 }}
{{- end }}
{{- if or (.Values.collector.securityContext) (.Values.securityContext) }}
securityContext:
{{- merge .Values.securityContext .Values.collector.securityContext | toYaml | nindent 10 }}
{{- end }}
{{- if or (.Values.collector.extraConfigmapMounts) (.Values.collector.extraSecretMounts) (.Values.collector.samplingConfig) (.Values.storage.cassandra.tls.enable) (.Values.storage.elasticsearch.tls.enabled) }}
volumeMounts:
{{- range .Values.collector.extraConfigmapMounts }}
- name: {{ .name }}
Expand Down Expand Up @@ -172,8 +175,14 @@ spec:
- name: strategies
mountPath: /etc/conf/
{{- end }}
{{- end }}
dnsPolicy: {{ .Values.collector.dnsPolicy }}
restartPolicy: Always
{{- if or (.Values.collector.podSecurityContext) (.Values.podSecurityContext) }}
securityContext:
{{- merge .Values.podSecurityContext .Values.collector.podSecurityContext | toYaml | nindent 8 }}
{{- end }}
{{- if or (.Values.collector.extraConfigmapMounts) (.Values.collector.extraSecretMounts) (.Values.collector.samplingConfig) (.Values.storage.cassandra.tls.enable) (.Values.storage.elasticsearch.tls.enabled) }}
volumes:
{{- range .Values.collector.extraConfigmapMounts }}
- name: {{ .name }}
Expand All @@ -200,6 +209,7 @@ spec:
secret:
secretName: {{ .Values.storage.elasticsearch.tls.secretName }}
{{- end }}
{{- end }}
{{- with .Values.collector.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
Expand Down
16 changes: 15 additions & 1 deletion charts/jaeger/templates/es-index-cleaner-cronjob.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -56,8 +56,15 @@ spec:
{{- toYaml .Values.esIndexCleaner.extraEnv | nindent 14 }}
{{- end }}
{{ include "elasticsearch.env" . | nindent 14 }}
{{- if .Values.esIndexCleaner.resources }}
resources:
{{- toYaml .Values.esIndexCleaner.resources | nindent 14 }}
{{- toYaml .Values.esIndexCleaner.resources | nindent 14 }}
{{- end }}
{{- if or (.Values.esIndexCleaner.securityContext) (.Values.securityContext) }}
securityContext:
{{- merge .Values.securityContext .Values.esIndexCleaner.securityContext | toYaml | nindent 14 }}
{{- end }}
{{- if or (.Values.esIndexCleaner.extraConfigmapMounts) (.Values.esIndexCleaner.extraSecretMounts) (.Values.storage.elasticsearch.tls.enabled) }}
volumeMounts:
{{- range .Values.esIndexCleaner.extraConfigmapMounts }}
- name: {{ .name }}
Expand All @@ -77,6 +84,7 @@ spec:
subPath: {{ .Values.storage.elasticsearch.tls.subPath }}
readOnly: true
{{- end }}
{{- end }}
restartPolicy: OnFailure
{{- with .Values.esIndexCleaner.nodeSelector }}
nodeSelector:
Expand All @@ -90,6 +98,11 @@ spec:
tolerations:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- if or (.Values.esIndexCleaner.podSecurityContext) (.Values.podSecurityContext) }}
securityContext:
{{- merge .Values.podSecurityContext .Values.esIndexCleaner.podSecurityContext | toYaml | nindent 12 }}
{{- end }}
{{- if or (.Values.esIndexCleaner.extraConfigmapMounts) (.Values.esIndexCleaner.extraSecretMounts) (.Values.storage.elasticsearch.tls.enabled) }}
volumes:
{{- range .Values.esIndexCleaner.extraConfigmapMounts }}
- name: {{ .name }}
Expand All @@ -106,4 +119,5 @@ spec:
secret:
secretName: {{ .Values.storage.elasticsearch.tls.secretName }}
{{- end }}
{{- end }}
{{- end -}}
16 changes: 15 additions & 1 deletion charts/jaeger/templates/es-lookback-cronjob.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,8 +70,15 @@ spec:
{{- if .Values.esLookback.extraEnv }}
{{- toYaml .Values.esLookback.extraEnv | nindent 14 }}
{{- end }}
{{- if .Values.esLookback.resources }}
resources:
{{- toYaml .Values.esLookback.resources | nindent 14 }}
{{- toYaml .Values.esLookback.resources | nindent 14 }}
{{- end }}
{{- if or (.Values.esLoopback.securityContext) (.Values.securityContext) }}
securityContext:
{{- merge .Values.securityContext .Values.esLoopback.securityContext | toYaml | nindent 14 }}
{{- end }}
{{- if or (.Values.esLookback.extraConfigmapMounts) (.Values.esLookback.extraSecretMounts) (.Values.storage.elasticsearch.tls.enabled) }}
volumeMounts:
{{- range .Values.esLookback.extraConfigmapMounts }}
- name: {{ .name }}
Expand All @@ -91,6 +98,12 @@ spec:
subPath: {{ .Values.storage.elasticsearch.tls.subPath }}
readOnly: true
{{- end }}
{{- end }}
{{- if or (.Values.esLoopback.podSecurityContext) (.Values.podSecurityContext) }}
securityContext:
{{- merge .Values.podSecurityContext .Values.esLoopback.podSecurityContext | toYaml | nindent 12 }}
{{- end }}
{{- if or (.Values.esLookback.extraConfigmapMounts) (.Values.esLookback.extraSecretMounts) (.Values.storage.elasticsearch.tls.enabled) }}
volumes:
{{- range .Values.esLookback.extraConfigmapMounts }}
- name: {{ .name }}
Expand All @@ -107,4 +120,5 @@ spec:
secret:
secretName: {{ .Values.storage.elasticsearch.tls.secretName }}
{{- end }}
{{- end }}
{{- end -}}
16 changes: 15 additions & 1 deletion charts/jaeger/templates/es-rollover-cronjob.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -70,8 +70,15 @@ spec:
{{- if .Values.esRollover.extraEnv }}
{{- toYaml .Values.esRollover.extraEnv | nindent 14 }}
{{- end }}
{{- if .Values.esRollover.resources }}
resources:
{{- toYaml .Values.esRollover.resources | nindent 14 }}
{{- toYaml .Values.esRollover.resources | nindent 14 }}
{{- end }}
{{- if or (.Values.esRollover.securityContext) (.Values.securityContext) }}
securityContext:
{{- merge .Values.securityContext .Values.esRollover.securityContext | toYaml | nindent 14 }}
{{- end }}
{{- if or (.Values.esRollover.extraConfigmapMounts) (.Values.esRollover.extraSecretMounts) (.Values.storage.elasticsearch.tls.enabled) }}
volumeMounts:
{{- range .Values.esRollover.extraConfigmapMounts }}
- name: {{ .name }}
Expand All @@ -91,6 +98,12 @@ spec:
subPath: {{ .Values.storage.elasticsearch.tls.subPath }}
readOnly: true
{{- end }}
{{- end }}
{{- if or (.Values.esRollover.podSecurityContext) (.Values.podSecurityContext) }}
securityContext:
{{- merge .Values.podSecurityContext .Values.esRollover.podSecurityContext | toYaml | nindent 12 }}
{{- end }}
{{- if or (.Values.esRollover.extraConfigmapMounts) (.Values.esRollover.extraSecretMounts) (.Values.storage.elasticsearch.tls.enabled) }}
volumes:
{{- range .Values.esRollover.extraConfigmapMounts }}
- name: {{ .name }}
Expand All @@ -107,4 +120,5 @@ spec:
secret:
secretName: {{ .Values.storage.elasticsearch.tls.secretName }}
{{- end }}
{{- end }}
{{- end -}}
10 changes: 7 additions & 3 deletions charts/jaeger/templates/hotrod-deploy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,14 +18,14 @@ spec:
{{- include "jaeger.selectorLabels" . | nindent 8 }}
app.kubernetes.io/component: hotrod
spec:
{{- if or (.Values.hotrod.podSecurityContext) (.Values.podSecurityContext) }}
securityContext:
{{- toYaml .Values.hotrod.podSecurityContext | nindent 8 }}
{{- merge .Values.podSecurityContext .Values.hotrod.podSecurityContext | toYaml | nindent 8 }}
{{- end }}
serviceAccountName: {{ template "jaeger.hotrod.serviceAccountName" . }}
{{- include "hotrod.imagePullSecrets" . | nindent 6 }}
containers:
- name: {{ include "jaeger.fullname" . }}-hotrod
securityContext:
{{- toYaml .Values.hotrod.securityContext | nindent 12 }}
image: {{ include "hotrod.image" . }}
imagePullPolicy: {{ .Values.hotrod.image.pullPolicy }}
args:
Expand Down Expand Up @@ -55,6 +55,10 @@ spec:
port: http
resources:
{{- toYaml .Values.hotrod.resources | nindent 12 }}
{{- if or (.Values.hotrod.securityContext) (.Values.securityContext) }}
securityContext:
{{- merge .Values.securityContext .Values.hotrod.securityContext | toYaml | nindent 12 }}
{{- end }}
{{- with .Values.hotrod.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
Expand Down
Loading
Loading