feat: add toggle for securitycontext and podsecuritycontext#1546
Merged
oliverbaehler merged 1 commit intoJul 18, 2025
Merged
Conversation
739e843 to
df0a1a2
Compare
df0a1a2 to
9e0f2a7
Compare
Signed-off-by: sandert-k8s <sandert98@gmail.com>
9e0f2a7 to
5c26803
Compare
prometherion
approved these changes
Jul 18, 2025
prometherion
left a comment
Member
There was a problem hiding this comment.
LGTM, asking @oliverbaehler for a further review.
Member
|
Just saw projectcapsule/capsule-proxy#796, which is pretty similar: I think it's safe to get merged, it also maintains a backward compatibility in terms of previous behaviour. |
Contributor
Author
Yes, I've linked the other PR's in the opening post; they are all the same. I think this one isn't merged yet because there was a pipeline failing, which I fixed after that. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Added toggles for enabling/disabling securityContext and PodSecurityContext. If you have other security measurements in place (for example Openshift SCC's), the default SecurityContexts are not needed. In the past, we provided an empty string for the securityContext, which always worked. But suddenly, ArgoCD does not accept this anymore. So, adding a toggle for this.
(This is the same change as added in the sops-operator and capsule-proxy )