Skip to content
This repository has been archived by the owner on Feb 22, 2022. It is now read-only.

Commit

Permalink
[stable/traefik] Add distinct container SecurityContext tunable (#20743
Browse files Browse the repository at this point in the history 
…) (#20887)

* [stable/traefik] Add distinct container SecurityContext tunable (#20743)

Signed-off-by: David Kirchner <dpk@dpk.net>

* [stable/traefik] Update new securityContext K8S API links to something more up to date

Signed-off-by: David Kirchner <dpk@dpk.net>
  • Loading branch information
@dpkirchner
dpkirchner authored Mar 3, 2020
1 parent 6b4504c commit 9d5ff66
Show file tree
Hide file tree
Showing 4 changed files with 13 additions and 4 deletions.
2 changes: 1 addition & 1 deletion stable/traefik/Chart.yaml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
apiVersion: v1
name: traefik
version: 1.86.1
version: 1.86.2
appVersion: 1.7.20
description: A Traefik based Kubernetes ingress controller with Let's Encrypt support
keywords:
Expand Down
3 changes: 2 additions & 1 deletion stable/traefik/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -109,7 +109,8 @@ The following table lists the configurable parameters of the Traefik chart and t
| `memoryLimit` | **DEPRECATED**: use `resources` instead. Memory limit per Traefik pod | None |
| `rbac.enabled` | Whether to enable RBAC with a specific cluster role and binding for Traefik | `false` |
| `deploymentStrategy` | Specify deployment spec rollout strategy | `{}` |
| `securityContext` | Security context | `{}` |
| `podSecurityContext` | Security context for the pod. See [PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.16/#podsecuritycontext-v1-core). | `{}` |
| `containerSecurityContext` | Security context for the container. See [SecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.16/#securitycontext-v1-core). | `{}` |
| `useNonPriviledgedPorts` | Use non privileged ports to listen. Needed if container is not running as root | `false` |
| `env` | Environment variables for the container | `{}` |
| `nodeSelector` | Node labels for pod assignment | `{}` |
Expand Down
8 changes: 6 additions & 2 deletions stable/traefik/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,9 +49,9 @@ spec:
{{ toYaml .Values.deployment.podLabels | indent 8 }}
{{- end }}
spec:
{{- if .Values.securityContext }}
{{- if .Values.podSecurityContext }}
securityContext:
{{ toYaml .Values.securityContext | indent 8 }}
{{ toYaml .Values.podSecurityContext | indent 8 }}
{{- end }}
{{- if .Values.rbac.enabled }}
serviceAccountName: {{ template "traefik.fullname" . }}
Expand Down Expand Up @@ -190,6 +190,10 @@ spec:
{{- range .Values.startupArguments }}
- {{ . }}
{{- end }}
{{- if .Values.containerSecurityContext }}
securityContext:
{{ toYaml .Values.containerSecurityContext | indent 10 }}
{{- end }}

volumes:
{{- if .Values.extraVolumes }}{{ toYaml .Values.extraVolumes | trim | nindent 6 }}{{ end }}
Expand Down
4 changes: 4 additions & 0 deletions stable/traefik/templates/storeconfig-job.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -37,6 +37,10 @@ spec:
env:
{{ toYaml .Values.env | indent 12 }}
{{- end }}
{{- if .Values.containerSecurityContext }}
securityContext:
{{ toYaml .Values.containerSecurityContext | indent 10 }}
{{- end }}
volumes:
- name: config
configMap:
Expand Down

0 comments on commit 9d5ff66

Please sign in to comment.