Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2022/09/16 15:43:39 UTC

[GitHub] [airflow] jedcunningham commented on a diff in pull request #24588: add: container securityContext not available in podSecurityContext

jedcunningham commented on code in PR #24588:
URL: https://github.com/apache/airflow/pull/24588#discussion_r973161043


##########
chart/values.yaml:
##########
@@ -35,12 +35,21 @@ revisionHistoryLimit: ~
 uid: 50000
 gid: 0
 
-# Default security context for airflow
+# Default security context for airflow (deprecated, use below in the future)
 securityContext: {}
 #  runAsUser: 50000
 #  fsGroup: 0
 #  runAsGroup: 0
 
+# Detailed default security context for airflow deployments
+securityContexts:
+  pod: {}
+  containers:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
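
Review bot: The new `securityContexts.containers` block ships active values (`allowPrivilegeEscalation: false` and `capabilities.drop: [ALL]`), while the existing `securityContext: {}` and the new `pod: {}` both default to empty. Any template that renders `securityContexts.containers` will therefore apply these restrictions on upgrade without the user opting in. Consider defaulting to `containers: {}` and keeping the hardened settings as a commented example, in the same style as the `#  runAsUser: 50000` lines above. The deprecation comment on `securityContext` would also be clearer if it named the replacement key (`securityContexts.pod`) instead of "use below", and stated which value takes effect when both are set.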

Review Comment:
   Sorry for the delay, coming back to this now.
   
   I had this backwards - this removes rights. While I agree this is a good sane default, we can't make this change in a minor release without breaking backward compatibility.  Given that, I think for now we should keep the default as nothing.


