Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/12/16 05:41:44 UTC

[GitHub] [airflow] dstandish commented on a change in pull request #18249: Add support for securityContext per deployment

dstandish commented on a change in pull request #18249:
URL: https://github.com/apache/airflow/pull/18249#discussion_r770202985



##########
File path: chart/templates/_helpers.yaml
##########
@@ -616,3 +615,49 @@ Create the name of the cleanup service account to use
   {{- end -}}
   {{- $kubeVersion -}}
 {{- end -}}
+{{/*
+Set the default value for securityContext
+If no value is passed for securityContext or <node>.securityContext, defaults to global uid and gid
+*/}}
+{{- define "globalSecurityContext" -}}
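Review bot: the doc comment above `define "globalSecurityContext"` says what happens when no value is passed for `securityContext` or `<node>.securityContext`, but not which of the two wins when both are set. This decides the uid and gid a pod runs as, so the comment should list the lookup order explicitly, one source per line, ending with the global uid and gid fallback.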

Review comment:
   Separately, I think a better name might be `airflowSecurityContext`. The difference between the templates `globalSecurityContext` and `localSecurityContext` is not that one is global and one is local. Why? Because the global one could actually resolve to _either_ "local" or "global" -- it will try local, else it will try global, else it will use top level uid / gid. It seems the real difference is one uses the airflow image and the other does not.

   Could consider just having one defined template `securityContext` and add a parameter (to the template, i.e. using a 3rd list element) signaling whether it's the airflow image or not? And based on that you could conditionally check the global params or not.

##########
File path: chart/templates/_helpers.yaml
##########
@@ -616,3 +615,49 @@ Create the name of the cleanup service account to use
   {{- end -}}
   {{- $kubeVersion -}}
 {{- end -}}
+{{/*
+Set the default value for securityContext
+If no value is passed for securityContext or <node>.securityContext, defaults to global uid and gid
+*/}}
+{{- define "globalSecurityContext" -}}
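Review bot: the comment block for `globalSecurityContext` does not document what the caller has to pass to the template, and the `<node>` placeholder in it is never defined. Add a line describing the expected argument(s) and a sample `include` call, so the template can be used correctly without reading its body.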

Review comment:
   @jedcunningham we are inconsistent with our naming of defined templates (i.e. with respect to snake case vs camel case). Do you have any thoughts about which way is the right way?



