Skip to content

feat: make privilege levels selectable in values file #1007

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

feat: make privilege levels selectable in values file #1007

wants to merge 2 commits into from

Conversation

@BrendanGalloway
Copy link
Contributor

@BrendanGalloway BrendanGalloway commented May 19, 2023

No description provided.

@BrendanGalloway BrendanGalloway requested a review from moshloop May 19, 2023 09:48
@netlify
Copy link

netlify bot commented May 19, 2023
edited
Loading

Deploy Preview for elaborate-horse-ac1743 ready!

Name Link
🔨 Latest commit 6809694
🔍 Latest deploy log https://app.netlify.com/sites/elaborate-horse-ac1743/deploys/646c831b5f97e30008c6e93a
😎 Deploy Preview https://deploy-preview-1007--elaborate-horse-ac1743.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.

To edit notification comments on pull requests, go to your Netlify site settings.

graphite-app[bot]
graphite-app bot reviewed Jan 16, 2025
View reviewed changes
chart/templates/_helpers.tpl
Comment on lines +64 to +76
{{- define "canary-checker.containerSecurityContext" -}}
allowPrivilegeEscalation: {{- if eq ( lower .Values.privilegeMode ) "privileged" }}true{{- else }}false{{- end }}
{{- if has ( lower .Values.privilegeMode) ( list "privileged" "root" ) }}
runAsUser: 0
runAsGroup: 0
fsGroup: 0
{{- if eq ( lower .Values.privilegeMode ) "privileged" }}
capabilities:
add:
- CAP_NET_RAW
{{- end }}
{{- end }}
{{- end }}
Copy link

@graphite-app graphite-app bot Jan 16, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The fsGroup setting belongs in the pod's securityContext block, not the container's. This is because file system group IDs are a pod-level configuration that applies to all containers. Consider moving this setting to a separate helper template that's included in the pod's securityContext section of the deployment manifest.

Spotted by Graphite Reviewer

Is this helpful? React 👍 or 👎 to let us know.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@graphite-app graphite-app[bot] graphite-app[bot] left review comments

@moshloop moshloop Awaiting requested review from moshloop

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@BrendanGalloway