fluxcd
/
flagger
mirror of https://github.com/fluxcd/flagger.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1803 from alex-souslik-hs/main 

loadtester: add pod security context
This commit is contained in:
Stefan Prodan 2025-04-21 09:23:30 +02:00 committed by GitHub
parent 6f165a10de ed38a79545
commit 27daa2ca46
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 16 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
charts/loadtester/README.md
View File

@ -69,8 +69,10 @@ The following tables lists the configurable parameters of the load tester chart
| `istio.tls.enabled` | Enable TLS in gateway ( TLS secrets should be in namespace ) | `false` | | `istio.tls.enabled` | Enable TLS in gateway ( TLS secrets should be in namespace ) | `false` |
| `istio.tls.httpsRedirect` | Redirect traffic to TLS port | `false` | | `istio.tls.httpsRedirect` | Redirect traffic to TLS port | `false` |
| `podPriorityClassName` | PriorityClass name for pod priority configuration | "" | | `podPriorityClassName` | PriorityClass name for pod priority configuration | "" |
| `securityContext.enabled` | Add securityContext to container | "" | | `securityContext.enabled` | Add securityContext to container | `false` |
| `securityContext.context` | securityContext to add | "" | | `SecurityContext.context` | securityContext to add | "" |
| `podSecurityContext.enabled` | Add securityContext to pod | `false` |
| `podSecurityContext.context` | securityContext to add | "" |
| `podDisruptionBudget.enabled` | A PodDisruptionBudget will be created if `true` | `false` | | `podDisruptionBudget.enabled` | A PodDisruptionBudget will be created if `true` | `false` |
| `podDisruptionBudget.minAvailable` | The minimal number of available replicas that will be set in the PodDisruptionBudget | `1` | | `podDisruptionBudget.minAvailable` | The minimal number of available replicas that will be set in the PodDisruptionBudget | `1` |

8
charts/loadtester/templates/deployment.yaml
View File

@ -24,7 +24,7 @@ spec:
appmesh.k8s.aws/ports: "444" appmesh.k8s.aws/ports: "444"
openservicemesh.io/inbound-port-exclusion-list: "80, 8080" openservicemesh.io/inbound-port-exclusion-list: "80, 8080"
{{- if .Values.podAnnotations }} {{- if .Values.podAnnotations }}
{{ toYaml .Values.podAnnotations | indent 8 }} {{- toYaml .Values.podAnnotations | nindent 8 }}
{{- end }} {{- end }}
spec: spec:
{{- if .Values.serviceAccountName }} {{- if .Values.serviceAccountName }}
@ -39,7 +39,7 @@ spec:
- name: {{ .Chart.Name }} - name: {{ .Chart.Name }}
{{- if .Values.securityContext.enabled }} {{- if .Values.securityContext.enabled }}
securityContext: securityContext:
{{ toYaml .Values.securityContext.context | indent 12 }} {{- toYaml .Values.securityContext.context | nindent 12 }}
{{- end }} {{- end }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }} imagePullPolicy: {{ .Values.image.pullPolicy }}
@ -102,3 +102,7 @@ spec:
tolerations: tolerations:
{{- toYaml . | nindent 8 }} {{- toYaml . | nindent 8 }}
{{- end }} {{- end }}
{{- if .Values.podSecurityContext.enabled }}
securityContext:
{{- toYaml .Values.podSecurityContext.context | nindent 12 }}
{{- end }}

6
charts/loadtester/values.yaml
View File

@ -91,6 +91,12 @@ securityContext:
runAsUser: 100 runAsUser: 100
runAsGroup: 101 runAsGroup: 101
podSecurityContext:
enabled: false
context:
fsGroup: 101
fsGroupChangePolicy: "OnRootMismatch"
podDisruptionBudget: podDisruptionBudget:
enabled: false enabled: false
minAvailable: 1 minAvailable: 1