
Commit daf1396

author
Mateusz
committed
adding security context
1 parent 6451bc0 commit daf1396

3 files changed

Lines changed: 43 additions & 0 deletions


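--- a/charts/netdata/README.md
+++ b/charts/netdata/README.md
@@ -1845,6 +1845,33 @@ false
 </td>
 <td>Number of seconds after which the readiness probe times out</td>
 </tr>
+<tr>
+<td>netdataOpentelemetry.securityContext.runAsUser</td>
+<td>int</td>
+<td><pre lang="json">
+201
+</pre>
+</td>
+<td>The UID to run the container process</td>
+</tr>
+<tr>
+<td>netdataOpentelemetry.securityContext.runAsGroup</td>
+<td>int</td>
+<td><pre lang="json">
+201
+</pre>
+</td>
+<td>The GID to run the container process</td>
+</tr>
+<tr>
+<td>netdataOpentelemetry.securityContext.fsGroup</td>
+<td>int</td>
+<td><pre lang="json">
+201
+</pre>
+</td>
+<td>The supplementary group for setting permissions on volumes</td>
+</tr>
 <tr>
 <td>netdataOpentelemetry.terminationGracePeriodSeconds</td>
 <td>int</td>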

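--- a/charts/netdata/templates/netdata-otel/deployment.yaml
+++ b/charts/netdata/templates/netdata-otel/deployment.yaml
@@ -37,6 +37,8 @@ spec:
 {{ toYaml . | trim | indent 8 }}
 {{- end }}
 spec:
+securityContext:
+fsGroup: {{ .Values.netdataOpentelemetry.securityContext.fsGroup }}
 serviceAccountName: {{ .Values.serviceAccount.name }}
 restartPolicy: Always
 {{- if .Values.netdataOpentelemetry.priorityClassName }}
@@ -122,6 +124,9 @@ spec:
 periodSeconds: {{ .Values.netdataOpentelemetry.readinessProbe.periodSeconds }}
 successThreshold: {{ .Values.netdataOpentelemetry.readinessProbe.successThreshold }}
 timeoutSeconds: {{ .Values.netdataOpentelemetry.readinessProbe.timeoutSeconds }}
+securityContext:
+runAsUser: {{ .Values.netdataOpentelemetry.securityContext.runAsUser }}
+runAsGroup: {{ .Values.netdataOpentelemetry.securityContext.runAsGroup }}
 volumeMounts:
 - name: os-release
 mountPath: /host/etc/os-release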
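Review bot: The `securityContext` added between the readiness probe and `volumeMounts` sets only `runAsUser` and `runAsGroup`, so nothing in the rendered manifest prevents privilege escalation or stops a later values override from putting the process back on UID 0. Consider adding `runAsNonRoot: true` and `allowPrivilegeEscalation: false` next to them, and dropping capabilities if the collector needs none (not visible here). Because the template reads three fixed keys, operators cannot set any other securityContext field through values.yaml; the same limitation applies to the pod-level `fsGroup` block in the first hunk. The container spec starts and ends outside the hunk.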

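--- a/charts/netdata/values.yaml
+++ b/charts/netdata/values.yaml
@@ -930,6 +930,17 @@ netdataOpentelemetry:
 # @section -- Netdata OpenTelemetry
 timeoutSeconds: 1
 
+securityContext:
+# -- The UID to run the container process
+# @section -- Netdata OpenTelemetry
+runAsUser: 201
+# -- The GID to run the container process
+# @section -- Netdata OpenTelemetry
+runAsGroup: 201
+# -- The supplementary group for setting permissions on volumes
+# @section -- Netdata OpenTelemetry
+fsGroup: 201
+
 # -- Duration in seconds the pod needs to terminate gracefully
 # @section -- Netdata OpenTelemetry
 terminationGracePeriodSeconds: 30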
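Review bot: The comments on `runAsUser` and `runAsGroup` do not say where 201 comes from; if it has to match an account baked into the image, say so, e.g. `# -- The UID to run the container process (must match the user the image expects)`, since an override to another UID may lose access to files owned by 201. The `fsGroup` comment could also note that Kubernetes does not apply fsGroup ownership changes to hostPath volumes. That matters if mounts such as `/host/etc/os-release` in the deployment are hostPath; the volume definitions are not shown on this page.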
