Skip to content
This repository has been archived by the owner on Feb 22, 2022. It is now read-only.

[stable/kube-slack] To run kube-slack as non root #21983

Closed
wants to merge 1 commit into from
Closed

[stable/kube-slack] To run kube-slack as non root #21983

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion stable/kube-slack/Chart.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
name: kube-slack
version: 1.3.1
version: 1.3.2
appVersion: v4.2.0
apiVersion: v1
description: Chart for kube-slack, a monitoring service for Kubernetes
Expand Down
6 changes: 2 additions & 4 deletions stable/kube-slack/templates/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,8 @@ spec:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
runAsUser: {{ .Values.image.runAsUser }}
env:
{{- range $key, $value := .Values.envVarsFromSecret }}
- name: {{ $key }}
Expand All @@ -41,10 +43,6 @@ spec:
- configMapRef:
name: {{ template "kube-slack.fullname" . }}
resources:
{{ if .Values.image.pullSecret }}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@pierluigilenoci This is undoing your changes from #21915, which is probably not intended. Maybe you just need to merge the upstream master branch from helm/charts.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is undoing my changes from #21915 on purpose because was useless and even a broken solution. This new PR is a better approach to solve the problem.

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok. Why exactly was it broken? In my opinion it would be better to fix the pullSecret usage, instead of removing it, since somebody else might still need it.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you use my solution you get something like that

imagePullSecrets:
        - name: yoursecret {}

with an extra {} and I was not able to fix it because in this moment I don't have the time to eat my brain out.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So I preferred to remove it in favor of a solution that worked for what my needs were. That is to make this chart compatible with the pod security policy. Not the best solution ever but at least the chart is not broken.

imagePullSecrets:
- name: {{ .Values.image.pullSecret }}
{{- end }}
{{ toYaml .Values.resources | indent 12 }}
{{- if .Values.rbac.create }}
serviceAccountName: {{ template "kube-slack.fullname" . }}
Expand Down
3 changes: 1 addition & 2 deletions stable/kube-slack/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,8 +38,7 @@ image:
repository: willwill/kube-slack
tag: v4.2.0
pullPolicy: IfNotPresent
# If specified, use these secrets to access the image
# pullSecret: registry-secret
runAsUser: 1000

resources: {}
# limits:
Expand Down