From a8aa2d5c0e3d9af57e065797b07fe8de16eb917a Mon Sep 17 00:00:00 2001
From: itboon
Date: Mon, 16 Sep 2024 15:57:40 +0800
Subject: [PATCH] feat: Make securityContext configurable
---
.../templates/broker/statefulset.yaml | 11 +++++++++--
.../templates/controller/statefulset.yaml | 10 ++++++++++
.../templates/nameserver/statefulset.yaml | 10 ++++++++++
.../rocketmq-cluster/templates/proxy/deployment.yaml | 10 ++++++++++
charts/rocketmq-cluster/values.yaml | 7 +++++++
charts/rocketmq/templates/broker/statefulset.yaml | 11 +++++++++--
charts/rocketmq/templates/controller/statefulset.yaml | 10 ++++++++++
charts/rocketmq/templates/nameserver/statefulset.yaml | 10 ++++++++++
charts/rocketmq/templates/proxy/deployment.yaml | 10 ++++++++++
charts/rocketmq/values.yaml | 9 ++++++++-
10 files changed, 93 insertions(+), 5 deletions(-)
diff --git a/charts/rocketmq-cluster/templates/broker/statefulset.yaml b/charts/rocketmq-cluster/templates/broker/statefulset.yaml
index 1654143..6d98056 100644
--- a/charts/rocketmq-cluster/templates/broker/statefulset.yaml
+++ b/charts/rocketmq-cluster/templates/broker/statefulset.yaml
@@ -84,12 +84,19 @@ spec:
 {{- toYaml . | nindent 8 }}
 {{- end }}
 securityContext:
- fsGroup: 3000
- runAsUser: 3000
+ {{- if $.Values.broker.podSecurityContext }}
+ {{- toYaml $.Values.broker.podSecurityContext | nindent 8 }}
+ {{- else if $.Values.podSecurityContext }}
+ {{- toYaml $.Values.podSecurityContext | nindent 8 }}
+ {{- end }}
 containers:
 - name: broker
 image: {{ $image | quote }}
 imagePullPolicy: {{ $.Values.image.pullPolicy | default "IfNotPresent" }}
+ {{- with $.Values.broker.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
 command:
 - sh
 - /mq-server-start.sh
diff --git a/charts/rocketmq-cluster/templates/controller/statefulset.yaml b/charts/rocketmq-cluster/templates/controller/statefulset.yaml
index ceafa3d..7e9fad8 100644
--- a/charts/rocketmq-cluster/templates/controller/statefulset.yaml
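Review bot: In the broker pod `securityContext` of charts/rocketmq-cluster/templates/broker/statefulset.yaml, a non-empty `broker.podSecurityContext` replaces the top-level `podSecurityContext` rather than being merged with it. An override that sets a single field therefore drops the default `runAsUser: 3000` and `fsGroup: 3000`, and the pod then runs as whatever user the image defines. The controller, nameserver and proxy hunks and the charts/rocketmq copies use the same if/else pattern. Either say so next to the commented keys in values.yaml, e.g. `# podSecurityContext: {}  # replaces the top-level podSecurityContext, it is not merged`, or merge the two maps before `toYaml`. The enclosing pod spec starts and ends outside the hunk.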
+++ b/charts/rocketmq-cluster/templates/controller/statefulset.yaml
@@ -65,10 +65,20 @@ spec:
 tolerations:
 {{- toYaml . | nindent 8 }}
 {{- end }}
+ securityContext:
+ {{- if .podSecurityContext }}
+ {{- toYaml .podSecurityContext | nindent 8 }}
+ {{- else if $.Values.podSecurityContext }}
+ {{- toYaml $.Values.podSecurityContext | nindent 8 }}
+ {{- end }}
 containers:
 - name: nameserver
 image: {{ $image | quote }}
 imagePullPolicy: {{ $.Values.image.pullPolicy | default "IfNotPresent" }}
+ {{- with .containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
 command:
 - sh
 - /mq-server-start.sh
diff --git a/charts/rocketmq-cluster/templates/nameserver/statefulset.yaml b/charts/rocketmq-cluster/templates/nameserver/statefulset.yaml
index 9ef046a..9f50fec 100644
--- a/charts/rocketmq-cluster/templates/nameserver/statefulset.yaml
+++ b/charts/rocketmq-cluster/templates/nameserver/statefulset.yaml
@@ -65,10 +65,20 @@ spec:
 tolerations:
 {{- toYaml . | nindent 8 }}
 {{- end }}
+ securityContext:
+ {{- if .podSecurityContext }}
+ {{- toYaml .podSecurityContext | nindent 8 }}
+ {{- else if $.Values.podSecurityContext }}
+ {{- toYaml $.Values.podSecurityContext | nindent 8 }}
+ {{- end }}
 containers:
 - name: nameserver
 image: {{ $image | quote }}
 imagePullPolicy: {{ $.Values.image.pullPolicy | default "IfNotPresent" }}
+ {{- with .containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
 command:
 - sh
 - /mq-server-start.sh
diff --git a/charts/rocketmq-cluster/templates/proxy/deployment.yaml b/charts/rocketmq-cluster/templates/proxy/deployment.yaml
index 2797c7d..4a1a691 100644
--- a/charts/rocketmq-cluster/templates/proxy/deployment.yaml
+++ b/charts/rocketmq-cluster/templates/proxy/deployment.yaml
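Review bot: The pod-level `securityContext:` key added in charts/rocketmq-cluster/templates/controller/statefulset.yaml is written out even when both `.podSecurityContext` and `$.Values.podSecurityContext` are empty, which leaves a key with a null value. The container-level block in the same hunk uses `with` and omits the key in that case. A single `with` over the component value, with the global value as fallback, would make the two blocks consistent and shorten the template, as sketched below. The nameserver and proxy hunks and the charts/rocketmq copies have the same shape; in the broker hunks the expression would be `$.Values.broker.podSecurityContext`. What `.` is bound to is decided outside the hunk, so the sketch assumes it is the component's values section.

```yaml
# … unchanged: tolerations block …
      {{- with (.podSecurityContext | default $.Values.podSecurityContext) }}
      securityContext:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
# … unchanged: container definition …
```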
@@ -64,10 +64,20 @@ spec:
 tolerations:
 {{- toYaml . | nindent 8 }}
 {{- end }}
+ securityContext:
+ {{- if .podSecurityContext }}
+ {{- toYaml .podSecurityContext | nindent 8 }}
+ {{- else if $.Values.podSecurityContext }}
+ {{- toYaml $.Values.podSecurityContext | nindent 8 }}
+ {{- end }}
 containers:
 - name: proxy
 image: {{ $image | quote }}
 imagePullPolicy: {{ $.Values.image.pullPolicy | default "IfNotPresent" }}
+ {{- with .containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
 command:
 - sh
 - /mq-server-start.sh
diff --git a/charts/rocketmq-cluster/values.yaml b/charts/rocketmq-cluster/values.yaml
index 9d50ac5..7ba9d16 100644
--- a/charts/rocketmq-cluster/values.yaml
+++ b/charts/rocketmq-cluster/values.yaml
@@ -6,11 +6,18 @@ image:
 pullPolicy: IfNotPresent
 tag: "5.3.0"
+podSecurityContext:
+ fsGroup: 3000
+ runAsUser: 3000
+
 broker:
 size:
 master: 2
 replica: 1
+ # podSecurityContext: {}
+ # containerSecurityContext: {}
+
 master:
 brokerRole: ASYNC_MASTER
 jvm:
diff --git a/charts/rocketmq/templates/broker/statefulset.yaml b/charts/rocketmq/templates/broker/statefulset.yaml
index 1654143..6d98056 100644
--- a/charts/rocketmq/templates/broker/statefulset.yaml
+++ b/charts/rocketmq/templates/broker/statefulset.yaml
@@ -84,12 +84,19 @@ spec:
 {{- toYaml . | nindent 8 }}
 {{- end }}
 securityContext:
- fsGroup: 3000
- runAsUser: 3000
+ {{- if $.Values.broker.podSecurityContext }}
+ {{- toYaml $.Values.broker.podSecurityContext | nindent 8 }}
+ {{- else if $.Values.podSecurityContext }}
+ {{- toYaml $.Values.podSecurityContext | nindent 8 }}
+ {{- end }}
 containers:
 - name: broker
 image: {{ $image | quote }}
 imagePullPolicy: {{ $.Values.image.pullPolicy | default "IfNotPresent" }}
+ {{- with $.Values.broker.containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
 command:
 - sh
 - /mq-server-start.sh
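Review bot: The default `podSecurityContext` added to charts/rocketmq-cluster/values.yaml pins `runAsUser` and `fsGroup` but does not set `runAsNonRoot`, so a `containerSecurityContext` that sets `runAsUser: 0` would be accepted. Adding `runAsNonRoot: true` under `podSecurityContext` makes the kubelet refuse to start such a container. The override keys are documented only under `broker:`, although the controller, nameserver and proxy templates also read `podSecurityContext` and `containerSecurityContext`, apparently from their own sections. The same commented lines `# podSecurityContext: {}` and `# containerSecurityContext: {}` would help there. Both remarks apply equally to the first hunk of charts/rocketmq/values.yaml.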
diff --git a/charts/rocketmq/templates/controller/statefulset.yaml b/charts/rocketmq/templates/controller/statefulset.yaml
index ceafa3d..7e9fad8 100644
--- a/charts/rocketmq/templates/controller/statefulset.yaml
+++ b/charts/rocketmq/templates/controller/statefulset.yaml
@@ -65,10 +65,20 @@ spec:
 tolerations:
 {{- toYaml . | nindent 8 }}
 {{- end }}
+ securityContext:
+ {{- if .podSecurityContext }}
+ {{- toYaml .podSecurityContext | nindent 8 }}
+ {{- else if $.Values.podSecurityContext }}
+ {{- toYaml $.Values.podSecurityContext | nindent 8 }}
+ {{- end }}
 containers:
 - name: nameserver
 image: {{ $image | quote }}
 imagePullPolicy: {{ $.Values.image.pullPolicy | default "IfNotPresent" }}
+ {{- with .containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
 command:
 - sh
 - /mq-server-start.sh
diff --git a/charts/rocketmq/templates/nameserver/statefulset.yaml b/charts/rocketmq/templates/nameserver/statefulset.yaml
index 9ef046a..9f50fec 100644
--- a/charts/rocketmq/templates/nameserver/statefulset.yaml
+++ b/charts/rocketmq/templates/nameserver/statefulset.yaml
@@ -65,10 +65,20 @@ spec:
 tolerations:
 {{- toYaml . | nindent 8 }}
 {{- end }}
+ securityContext:
+ {{- if .podSecurityContext }}
+ {{- toYaml .podSecurityContext | nindent 8 }}
+ {{- else if $.Values.podSecurityContext }}
+ {{- toYaml $.Values.podSecurityContext | nindent 8 }}
+ {{- end }}
 containers:
 - name: nameserver
 image: {{ $image | quote }}
 imagePullPolicy: {{ $.Values.image.pullPolicy | default "IfNotPresent" }}
+ {{- with .containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
 command:
 - sh
 - /mq-server-start.sh
diff --git a/charts/rocketmq/templates/proxy/deployment.yaml b/charts/rocketmq/templates/proxy/deployment.yaml
index 2797c7d..4a1a691 100644
--- a/charts/rocketmq/templates/proxy/deployment.yaml
+++ b/charts/rocketmq/templates/proxy/deployment.yaml
@@ -64,10 +64,20 @@ spec:
 tolerations:
 {{- toYaml . | nindent 8 }}
 {{- end }}
+ securityContext:
+ {{- if .podSecurityContext }}
+ {{- toYaml .podSecurityContext | nindent 8 }}
+ {{- else if $.Values.podSecurityContext }}
+ {{- toYaml $.Values.podSecurityContext | nindent 8 }}
+ {{- end }}
 containers:
 - name: proxy
 image: {{ $image | quote }}
 imagePullPolicy: {{ $.Values.image.pullPolicy | default "IfNotPresent" }}
+ {{- with .containerSecurityContext }}
+ securityContext:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
 command:
 - sh
 - /mq-server-start.sh
diff --git a/charts/rocketmq/values.yaml b/charts/rocketmq/values.yaml
index be5e5ae..4314179 100644
--- a/charts/rocketmq/values.yaml
+++ b/charts/rocketmq/values.yaml
@@ -5,11 +5,18 @@ image:
 pullPolicy: IfNotPresent
 tag: "5.3.0"
+podSecurityContext:
+ fsGroup: 3000
+ runAsUser: 3000
+
 broker:
 size:
 master: 1
 replica: 0
+ # podSecurityContext: {}
+ # containerSecurityContext: {}
+
 master:
 brokerRole: ASYNC_MASTER
 jvm:
@@ -89,7 +96,7 @@ nameserver:
 persistence:
 enabled: false
- size: 8Gi
+ size: 20Gi
 #storageClass: "gp2"
 affinityOverride: {}
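Review bot: The second hunk of charts/rocketmq/values.yaml raises the nameserver `persistence.size` default from `8Gi` to `20Gi`, which the commit subject ("Make securityContext configurable") does not cover and which charts/rocketmq-cluster/values.yaml does not mirror. If this value feeds a StatefulSet `volumeClaimTemplates` entry (not visible here), releases that enabled persistence with the old default could fail to upgrade, because that field cannot be changed in place. Keeping `size: 8Gi` in this commit and moving the resize to its own change with a release note would make the security change easier to review and roll back.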