mirror of
https://github.com/clearml/clearml-helm-charts
synced 2025-04-17 01:31:13 +00:00
Changed: improved securityContexts
This commit is contained in:
Valeriano Manassero
parent
12388b0c86
commit
e44fa88727
@ -34,3 +34,5 @@ annotations:
|
|||||||
artifacthub.io/changes: |
|
artifacthub.io/changes: |
|
||||||
- kind: changed
|
- kind: changed
|
||||||
description: dependency chart updates
|
description: dependency chart updates
|
||||||
|
- kind: changed
|
||||||
|
description: improved securityContexts
|
||||||
|
|||||||
@ -115,6 +115,7 @@ Before issuing helm upgrade:
|
|||||||
|
|
||||||
* delete Redis statefulset(s)
|
* delete Redis statefulset(s)
|
||||||
* scale MongoDB deployment(s) replicas to 0
|
* scale MongoDB deployment(s) replicas to 0
|
||||||
|
* if using securityContexts check for new value form in values.yaml (podSecurityContext and containerSecurityContext)
|
||||||
|
|
||||||
## ENTERPRISE Version
|
## ENTERPRISE Version
|
||||||
|
|
||||||
@ -149,9 +150,10 @@ Kubernetes: `>= 1.21.0-0 < 1.27.0-0`
|
|||||||
|
|
||||||
| Key | Type | Default | Description |
|
| Key | Type | Default | Description |
|
||||||
|-----|------|---------|-------------|
|
|-----|------|---------|-------------|
|
||||||
| apiserver | object | `{"additionalConfigs":{},"affinity":{},"enabled":true,"existingAdditionalConfigsConfigMap":"","existingAdditionalConfigsSecret":"","extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.2-317"},"indexReplicas":0,"indexShards":1,"ingress":{"annotations":{},"enabled":false,"hostName":"api.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""},"nodeSelector":{},"podAnnotations":{},"prepopulateEnabled":true,"processes":{"count":8,"maxRequests":1000,"maxRequestsJitter":300,"timeout":24000},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"securityContext":{},"service":{"nodePort":30008,"port":8008,"type":"NodePort"},"tolerations":[]}` | Api Server configurations |
|
| apiserver | object | `{"additionalConfigs":{},"affinity":{},"containerSecurityContext":{},"enabled":true,"existingAdditionalConfigsConfigMap":"","existingAdditionalConfigsSecret":"","extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.2-317"},"indexReplicas":0,"indexShards":1,"ingress":{"annotations":{},"enabled":false,"hostName":"api.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""},"nodeSelector":{},"podAnnotations":{},"podSecurityContext":{},"prepopulateEnabled":true,"processes":{"count":8,"maxRequests":1000,"maxRequestsJitter":300,"timeout":24000},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"service":{"nodePort":30008,"port":8008,"type":"NodePort"},"tolerations":[]}` | Api Server configurations |
|
||||||
| apiserver.additionalConfigs | object | `{}` | files declared in this parameter will be mounted and read by apiserver (examples in values.yaml) if not overridden by existingAdditionalConfigsSecret |
|
| apiserver.additionalConfigs | object | `{}` | files declared in this parameter will be mounted and read by apiserver (examples in values.yaml) if not overridden by existingAdditionalConfigsSecret |
|
||||||
| apiserver.affinity | object | `{}` | Api Server affinity setup |
|
| apiserver.affinity | object | `{}` | Api Server affinity setup |
|
||||||
|
| apiserver.containerSecurityContext | object | `{}` | Api Server containers security context |
|
||||||
| apiserver.enabled | bool | `true` | Enable/Disable component deployment |
|
| apiserver.enabled | bool | `true` | Enable/Disable component deployment |
|
||||||
| apiserver.existingAdditionalConfigsConfigMap | string | `""` | reference for files declared in existing ConfigMap will be mounted and read by apiserver (examples in values.yaml) |
|
| apiserver.existingAdditionalConfigsConfigMap | string | `""` | reference for files declared in existing ConfigMap will be mounted and read by apiserver (examples in values.yaml) |
|
||||||
| apiserver.existingAdditionalConfigsSecret | string | `""` | reference for files declared in existing Secret will be mounted and read by apiserver (examples in values.yaml) if not overridden by existingAdditionalConfigsConfigMap |
|
| apiserver.existingAdditionalConfigsSecret | string | `""` | reference for files declared in existing Secret will be mounted and read by apiserver (examples in values.yaml) if not overridden by existingAdditionalConfigsConfigMap |
|
||||||
@ -168,6 +170,7 @@ Kubernetes: `>= 1.21.0-0 < 1.27.0-0`
|
|||||||
| apiserver.ingress.tlsSecretName | string | `""` | Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule. |
|
| apiserver.ingress.tlsSecretName | string | `""` | Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule. |
|
||||||
| apiserver.nodeSelector | object | `{}` | Api Server nodeselector |
|
| apiserver.nodeSelector | object | `{}` | Api Server nodeselector |
|
||||||
| apiserver.podAnnotations | object | `{}` | specific annotation for Api Server pods |
|
| apiserver.podAnnotations | object | `{}` | specific annotation for Api Server pods |
|
||||||
|
| apiserver.podSecurityContext | object | `{}` | Api Server pod security context |
|
||||||
| apiserver.prepopulateEnabled | bool | `true` | Enable/Disable example data load |
|
| apiserver.prepopulateEnabled | bool | `true` | Enable/Disable example data load |
|
||||||
| apiserver.processes | object | `{"count":8,"maxRequests":1000,"maxRequestsJitter":300,"timeout":24000}` | Api Server internal processes configuration |
|
| apiserver.processes | object | `{"count":8,"maxRequests":1000,"maxRequestsJitter":300,"timeout":24000}` | Api Server internal processes configuration |
|
||||||
| apiserver.processes.count | int | `8` | Api Server internal listing processes |
|
| apiserver.processes.count | int | `8` | Api Server internal listing processes |
|
||||||
@ -176,7 +179,6 @@ Kubernetes: `>= 1.21.0-0 < 1.27.0-0`
|
|||||||
| apiserver.processes.timeout | int | `24000` | Api timeout (ms) |
|
| apiserver.processes.timeout | int | `24000` | Api timeout (ms) |
|
||||||
| apiserver.replicaCount | int | `1` | Api Server number of pods |
|
| apiserver.replicaCount | int | `1` | Api Server number of pods |
|
||||||
| apiserver.resources | object | `{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | Api Server resources per pod; these are minimal requirements, it's suggested to increase these values in production environments |
|
| apiserver.resources | object | `{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | Api Server resources per pod; these are minimal requirements, it's suggested to increase these values in production environments |
|
||||||
| apiserver.securityContext | object | `{}` | Api Server pod security context |
|
|
||||||
| apiserver.service | object | `{"nodePort":30008,"port":8008,"type":"NodePort"}` | Api Server internal service configuration |
|
| apiserver.service | object | `{"nodePort":30008,"port":8008,"type":"NodePort"}` | Api Server internal service configuration |
|
||||||
| apiserver.service.nodePort | int | `30008` | If service.type set to NodePort, this will be set to service's nodePort field. If service.type is set to others, this field will be ignored |
|
| apiserver.service.nodePort | int | `30008` | If service.type set to NodePort, this will be set to service's nodePort field. If service.type is set to others, this field will be ignored |
|
||||||
| apiserver.tolerations | list | `[]` | Api Server tolerations setup |
|
| apiserver.tolerations | list | `[]` | Api Server tolerations setup |
|
||||||
@ -231,8 +233,9 @@ Kubernetes: `>= 1.21.0-0 < 1.27.0-0`
|
|||||||
| externalServices.mongodbConnectionStringBackend | string | `""` | Existing MongoDB connection string for AUTH to use if mongodb.enabled is false |
|
| externalServices.mongodbConnectionStringBackend | string | `""` | Existing MongoDB connection string for AUTH to use if mongodb.enabled is false |
|
||||||
| externalServices.redisHost | string | `""` | Existing Redis Hostname to use if redis.enabled is false |
|
| externalServices.redisHost | string | `""` | Existing Redis Hostname to use if redis.enabled is false |
|
||||||
| externalServices.redisPort | int | `6379` | Existing Redis Port to use if redis.enabled is false |
|
| externalServices.redisPort | int | `6379` | Existing Redis Port to use if redis.enabled is false |
|
||||||
| fileserver | object | `{"affinity":{},"enabled":true,"extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.2-317"},"ingress":{"annotations":{},"enabled":false,"hostName":"files.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""},"nodeSelector":{},"podAnnotations":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"securityContext":{},"service":{"nodePort":30081,"port":8081,"type":"NodePort"},"storage":{"data":{"accessMode":"ReadWriteOnce","class":"","existingPVC":"","size":"50Gi"},"enabled":true},"tolerations":[]}` | File Server configurations |
|
| fileserver | object | `{"affinity":{},"containerSecurityContext":{},"enabled":true,"extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.2-317"},"ingress":{"annotations":{},"enabled":false,"hostName":"files.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""},"nodeSelector":{},"podAnnotations":{},"podSecurityContext":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"service":{"nodePort":30081,"port":8081,"type":"NodePort"},"storage":{"data":{"accessMode":"ReadWriteOnce","class":"","existingPVC":"","size":"50Gi"},"enabled":true},"tolerations":[]}` | File Server configurations |
|
||||||
| fileserver.affinity | object | `{}` | File Server affinity setup |
|
| fileserver.affinity | object | `{}` | File Server affinity setup |
|
||||||
|
| fileserver.containerSecurityContext | object | `{}` | File Server containers security context |
|
||||||
| fileserver.enabled | bool | `true` | Enable/Disable component deployment |
|
| fileserver.enabled | bool | `true` | Enable/Disable component deployment |
|
||||||
| fileserver.extraEnvs | list | `[]` | File Server extra envrinoment variables |
|
| fileserver.extraEnvs | list | `[]` | File Server extra envrinoment variables |
|
||||||
| fileserver.image | object | `{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.2-317"}` | File Server image configuration |
|
| fileserver.image | object | `{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.2-317"}` | File Server image configuration |
|
||||||
@ -245,9 +248,9 @@ Kubernetes: `>= 1.21.0-0 < 1.27.0-0`
|
|||||||
| fileserver.ingress.tlsSecretName | string | `""` | Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule. |
|
| fileserver.ingress.tlsSecretName | string | `""` | Reference to secret containing TLS certificate. If set, it enables HTTPS on ingress rule. |
|
||||||
| fileserver.nodeSelector | object | `{}` | File Server nodeselector |
|
| fileserver.nodeSelector | object | `{}` | File Server nodeselector |
|
||||||
| fileserver.podAnnotations | object | `{}` | specific annotation for File Server pods |
|
| fileserver.podAnnotations | object | `{}` | specific annotation for File Server pods |
|
||||||
|
| fileserver.podSecurityContext | object | `{}` | File Server pod security context |
|
||||||
| fileserver.replicaCount | int | `1` | File Server number of pods |
|
| fileserver.replicaCount | int | `1` | File Server number of pods |
|
||||||
| fileserver.resources | object | `{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | File Server resources per pod; these are minimal requirements, it's suggested to increase these values in production environments |
|
| fileserver.resources | object | `{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}}` | File Server resources per pod; these are minimal requirements, it's suggested to increase these values in production environments |
|
||||||
| fileserver.securityContext | object | `{}` | File Server pod security context |
|
|
||||||
| fileserver.service | object | `{"nodePort":30081,"port":8081,"type":"NodePort"}` | File Server internal service configuration |
|
| fileserver.service | object | `{"nodePort":30081,"port":8081,"type":"NodePort"}` | File Server internal service configuration |
|
||||||
| fileserver.service.nodePort | int | `30081` | If service.type set to NodePort, this will be set to service's nodePort field. If service.type is set to others, this field will be ignored |
|
| fileserver.service.nodePort | int | `30081` | If service.type set to NodePort, this will be set to service's nodePort field. If service.type is set to others, this field will be ignored |
|
||||||
| fileserver.storage | object | `{"data":{"accessMode":"ReadWriteOnce","class":"","existingPVC":"","size":"50Gi"},"enabled":true}` | File server persistence settings |
|
| fileserver.storage | object | `{"data":{"accessMode":"ReadWriteOnce","class":"","existingPVC":"","size":"50Gi"},"enabled":true}` | File server persistence settings |
|
||||||
@ -265,9 +268,10 @@ Kubernetes: `>= 1.21.0-0 < 1.27.0-0`
|
|||||||
| imageCredentials.username | string | `"someone"` | Registry username |
|
| imageCredentials.username | string | `"someone"` | Registry username |
|
||||||
| mongodb | object | `{"architecture":"standalone","auth":{"enabled":false},"enabled":true,"persistence":{"accessModes":["ReadWriteOnce"],"enabled":true,"size":"50Gi","storageClass":null},"replicaCount":1}` | Configuration from https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml |
|
| mongodb | object | `{"architecture":"standalone","auth":{"enabled":false},"enabled":true,"persistence":{"accessModes":["ReadWriteOnce"],"enabled":true,"size":"50Gi","storageClass":null},"replicaCount":1}` | Configuration from https://github.com/bitnami/charts/blob/master/bitnami/mongodb/values.yaml |
|
||||||
| redis | object | `{"architecture":"standalone","auth":{"enabled":false},"databaseNumber":0,"enabled":true,"master":{"name":"{{ .Release.Name }}-redis-master","persistence":{"accessModes":["ReadWriteOnce"],"enabled":true,"size":"5Gi","storageClass":null},"port":6379}}` | Configuration from https://github.com/bitnami/charts/blob/master/bitnami/redis/values.yaml |
|
| redis | object | `{"architecture":"standalone","auth":{"enabled":false},"databaseNumber":0,"enabled":true,"master":{"name":"{{ .Release.Name }}-redis-master","persistence":{"accessModes":["ReadWriteOnce"],"enabled":true,"size":"5Gi","storageClass":null},"port":6379}}` | Configuration from https://github.com/bitnami/charts/blob/master/bitnami/redis/values.yaml |
|
||||||
| webserver | object | `{"additionalConfigs":{},"affinity":{},"enabled":true,"extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.2-317"},"ingress":{"annotations":{},"enabled":false,"hostName":"app.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""},"nodeSelector":{},"podAnnotations":{},"podSecurityContext":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"service":{"nodePort":30080,"port":8080,"type":"NodePort"},"tolerations":[]}` | Web Server configurations |
|
| webserver | object | `{"additionalConfigs":{},"affinity":{},"containerSecurityContext":{},"enabled":true,"extraEnvs":[],"image":{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.2-317"},"ingress":{"annotations":{},"enabled":false,"hostName":"app.clearml.127-0-0-1.nip.io","ingressClassName":"","path":"/","tlsSecretName":""},"nodeSelector":{},"podAnnotations":{},"podSecurityContext":{},"replicaCount":1,"resources":{"limits":{"cpu":"2000m","memory":"1Gi"},"requests":{"cpu":"100m","memory":"256Mi"}},"service":{"nodePort":30080,"port":8080,"type":"NodePort"},"tolerations":[]}` | Web Server configurations |
|
||||||
| webserver.additionalConfigs | object | `{}` | Additional specific webserver configurations |
|
| webserver.additionalConfigs | object | `{}` | Additional specific webserver configurations |
|
||||||
| webserver.affinity | object | `{}` | Web Server affinity setup |
|
| webserver.affinity | object | `{}` | Web Server affinity setup |
|
||||||
|
| webserver.containerSecurityContext | object | `{}` | Web Server containers security context |
|
||||||
| webserver.enabled | bool | `true` | Enable/Disable component deployment |
|
| webserver.enabled | bool | `true` | Enable/Disable component deployment |
|
||||||
| webserver.extraEnvs | list | `[]` | Web Server extra envrinoment variables |
|
| webserver.extraEnvs | list | `[]` | Web Server extra envrinoment variables |
|
||||||
| webserver.image | object | `{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.2-317"}` | Web Server image configuration |
|
| webserver.image | object | `{"pullPolicy":"IfNotPresent","repository":"allegroai/clearml","tag":"1.9.2-317"}` | Web Server image configuration |
|
||||||
|
|||||||
@ -112,6 +112,7 @@ Before issuing helm upgrade:
|
|||||||
|
|
||||||
* delete Redis statefulset(s)
|
* delete Redis statefulset(s)
|
||||||
* scale MongoDB deployment(s) replicas to 0
|
* scale MongoDB deployment(s) replicas to 0
|
||||||
|
* if using securityContexts check for new value form in values.yaml (podSecurityContext and containerSecurityContext)
|
||||||
|
|
||||||
## ENTERPRISE Version
|
## ENTERPRISE Version
|
||||||
|
|
||||||
|
|||||||
@ -41,7 +41,8 @@ spec:
|
|||||||
name: "{{ include "apiserver.referenceName" . }}-configmap"
|
name: "{{ include "apiserver.referenceName" . }}-configmap"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
securityContext: {{ toYaml .Values.apiserver.podSecurityContext | nindent 8 }}
|
securityContext:
|
||||||
|
{{ toYaml .Values.apiserver.podSecurityContext | nindent 8 }}
|
||||||
initContainers:
|
initContainers:
|
||||||
- name: init-apiserver
|
- name: init-apiserver
|
||||||
{{- if .Values.enterpriseFeatures.enabled }}
|
{{- if .Values.enterpriseFeatures.enabled }}
|
||||||
@ -72,6 +73,8 @@ spec:
|
|||||||
sleep 5 ;
|
sleep 5 ;
|
||||||
done ;
|
done ;
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
securityContext:
|
||||||
|
{{ toYaml .Values.apiserver.containerSecurityContext | nindent 12 }}
|
||||||
containers:
|
containers:
|
||||||
- name: clearml-apiserver
|
- name: clearml-apiserver
|
||||||
{{- if .Values.enterpriseFeatures.enabled }}
|
{{- if .Values.enterpriseFeatures.enabled }}
|
||||||
@ -250,6 +253,8 @@ spec:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
resources:
|
resources:
|
||||||
{{- toYaml .Values.apiserver.resources | nindent 12 }}
|
{{- toYaml .Values.apiserver.resources | nindent 12 }}
|
||||||
|
securityContext:
|
||||||
|
{{ toYaml .Values.apiserver.containerSecurityContext | nindent 12 }}
|
||||||
{{- with .Values.apiserver.nodeSelector }}
|
{{- with .Values.apiserver.nodeSelector }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
|
|||||||
@ -42,23 +42,26 @@ spec:
|
|||||||
- name: fileserver-data
|
- name: fileserver-data
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
securityContext: {{ toYaml .Values.fileserver.podSecurityContext | nindent 8 }}
|
securityContext:
|
||||||
|
{{ toYaml .Values.fileserver.podSecurityContext | nindent 8 }}
|
||||||
initContainers:
|
initContainers:
|
||||||
- name: init-fileserver
|
- name: init-fileserver
|
||||||
{{- if .Values.enterpriseFeatures.enabled }}
|
{{- if .Values.enterpriseFeatures.enabled }}
|
||||||
image: "{{ .Values.fileserver.image.repository }}:{{ .Values.enterpriseFeatures.fileserverImageTagOverride }}"
|
image: "{{ .Values.fileserver.image.repository }}:{{ .Values.enterpriseFeatures.fileserverImageTagOverride }}"
|
||||||
{{- else }}
|
{{- else }}
|
||||||
image: "{{ .Values.fileserver.image.repository }}:{{ .Values.fileserver.image.tag }}"
|
image: "{{ .Values.fileserver.image.repository }}:{{ .Values.fileserver.image.tag }}"
|
||||||
{{- end }}
|
{{- end }}
|
||||||
command:
|
command:
|
||||||
- /bin/sh
|
- /bin/sh
|
||||||
- -c
|
- -c
|
||||||
- >
|
- >
|
||||||
set -x;
|
set -x;
|
||||||
while [ $(curl -sw '%{http_code}' "http://{{ include "apiserver.referenceName" . }}:{{ .Values.apiserver.service.port }}/debug.ping" -o /dev/null) -ne 200 ] ; do
|
while [ $(curl -sw '%{http_code}' "http://{{ include "apiserver.referenceName" . }}:{{ .Values.apiserver.service.port }}/debug.ping" -o /dev/null) -ne 200 ] ; do
|
||||||
echo "waiting for apiserver" ;
|
echo "waiting for apiserver" ;
|
||||||
sleep 5 ;
|
sleep 5 ;
|
||||||
done
|
done
|
||||||
|
securityContext:
|
||||||
|
{{ toYaml .Values.fileserver.containerSecurityContext | nindent 12 }}
|
||||||
containers:
|
containers:
|
||||||
- name: clearml-fileserver
|
- name: clearml-fileserver
|
||||||
{{- if .Values.enterpriseFeatures.enabled }}
|
{{- if .Values.enterpriseFeatures.enabled }}
|
||||||
@ -116,6 +119,8 @@ spec:
|
|||||||
mountPath: /mnt/fileserver
|
mountPath: /mnt/fileserver
|
||||||
resources:
|
resources:
|
||||||
{{- toYaml .Values.fileserver.resources | nindent 12 }}
|
{{- toYaml .Values.fileserver.resources | nindent 12 }}
|
||||||
|
securityContext:
|
||||||
|
{{ toYaml .Values.fileserver.containerSecurityContext | nindent 12 }}
|
||||||
{{- with .Values.fileserver.nodeSelector }}
|
{{- with .Values.fileserver.nodeSelector }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
|
|||||||
@ -35,7 +35,8 @@ spec:
|
|||||||
- name: documentation
|
- name: documentation
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
securityContext: {{ toYaml .Values.webserver.podSecurityContext | nindent 8 }}
|
securityContext:
|
||||||
|
{{ toYaml .Values.webserver.podSecurityContext | nindent 8 }}
|
||||||
initContainers:
|
initContainers:
|
||||||
{{- if .Values.enterpriseFeatures.airGappedDocumentation.enabled }}
|
{{- if .Values.enterpriseFeatures.airGappedDocumentation.enabled }}
|
||||||
- name: init-airgap-docs
|
- name: init-airgap-docs
|
||||||
@ -51,6 +52,8 @@ spec:
|
|||||||
- mountPath: /usr/share/nginx/html/clearml
|
- mountPath: /usr/share/nginx/html/clearml
|
||||||
name: documentation
|
name: documentation
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
securityContext:
|
||||||
|
{{ toYaml .Values.webserver.containerSecurityContext | nindent 12 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
- name: init-webserver
|
- name: init-webserver
|
||||||
{{- if .Values.enterpriseFeatures.enabled }}
|
{{- if .Values.enterpriseFeatures.enabled }}
|
||||||
@ -67,6 +70,8 @@ spec:
|
|||||||
echo "waiting for apiserver" ;
|
echo "waiting for apiserver" ;
|
||||||
sleep 5 ;
|
sleep 5 ;
|
||||||
done
|
done
|
||||||
|
securityContext:
|
||||||
|
{{ toYaml .Values.webserver.containerSecurityContext | nindent 12 }}
|
||||||
containers:
|
containers:
|
||||||
- name: clearml-webserver
|
- name: clearml-webserver
|
||||||
{{- if .Values.enterpriseFeatures.enabled }}
|
{{- if .Values.enterpriseFeatures.enabled }}
|
||||||
@ -150,6 +155,8 @@ spec:
|
|||||||
{{- end }}
|
{{- end }}
|
||||||
resources:
|
resources:
|
||||||
{{- toYaml .Values.webserver.resources | nindent 12 }}
|
{{- toYaml .Values.webserver.resources | nindent 12 }}
|
||||||
|
securityContext:
|
||||||
|
{{ toYaml .Values.webserver.containerSecurityContext | nindent 12 }}
|
||||||
{{- with .Values.webserver.nodeSelector }}
|
{{- with .Values.webserver.nodeSelector }}
|
||||||
nodeSelector:
|
nodeSelector:
|
||||||
{{- toYaml . | nindent 8 }}
|
{{- toYaml . | nindent 8 }}
|
||||||
|
|||||||
@ -112,7 +112,9 @@ apiserver:
|
|||||||
# -- Api Server affinity setup
|
# -- Api Server affinity setup
|
||||||
affinity: {}
|
affinity: {}
|
||||||
# -- Api Server pod security context
|
# -- Api Server pod security context
|
||||||
securityContext: {}
|
podSecurityContext: {}
|
||||||
|
# -- Api Server containers security context
|
||||||
|
containerSecurityContext: {}
|
||||||
# runAsUser: 1001
|
# runAsUser: 1001
|
||||||
# fsGroup: 1001
|
# fsGroup: 1001
|
||||||
# -- reference for files declared in existing ConfigMap will be mounted and read by apiserver (examples in values.yaml)
|
# -- reference for files declared in existing ConfigMap will be mounted and read by apiserver (examples in values.yaml)
|
||||||
@ -202,7 +204,9 @@ fileserver:
|
|||||||
# -- File Server affinity setup
|
# -- File Server affinity setup
|
||||||
affinity: {}
|
affinity: {}
|
||||||
# -- File Server pod security context
|
# -- File Server pod security context
|
||||||
securityContext: {}
|
podSecurityContext: {}
|
||||||
|
# -- File Server containers security context
|
||||||
|
containerSecurityContext: {}
|
||||||
# runAsUser: 1001
|
# runAsUser: 1001
|
||||||
# fsGroup: 1001
|
# fsGroup: 1001
|
||||||
# -- File server persistence settings
|
# -- File server persistence settings
|
||||||
@ -271,6 +275,8 @@ webserver:
|
|||||||
affinity: {}
|
affinity: {}
|
||||||
# -- Web Server pod security context
|
# -- Web Server pod security context
|
||||||
podSecurityContext: {}
|
podSecurityContext: {}
|
||||||
|
# -- Web Server containers security context
|
||||||
|
containerSecurityContext: {}
|
||||||
# runAsUser: 1001
|
# runAsUser: 1001
|
||||||
# fsGroup: 1001
|
# fsGroup: 1001
|
||||||
# -- Additional specific webserver configurations
|
# -- Additional specific webserver configurations
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user