github/oneuptime
1
1
Fork 0
mirror of https://github.com/OneUptime/oneuptime.git synced 2026-04-06 00:32:12 +02:00
Code Issues 193 Packages Projects Releases Wiki Activity

feat: Add pod security context configuration for ClickHouse and Redis StatefulSets

Browse Source
This commit is contained in:
Simon Larsen
2025-09-07 13:03:09 +01:00
parent d4b3f1b60b
commit 75333ef36c
3 changed files with 34 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
HelmChart/Public/oneuptime/templates/clickhouse-statefulset.yaml
View File

@@ -44,10 +44,17 @@ spec:
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.clickhouse.podSecurityContext }}
{{- with .Values.clickhouse.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- else if .Values.podSecurityContext }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: clickhouse
image: "{{ .Values.clickhouse.image.repository }}:{{ .Values.clickhouse.image.tag }}"

7
HelmChart/Public/oneuptime/templates/redis-statefulset.yaml
View File

@@ -38,10 +38,17 @@ spec:
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.redis.master.podSecurityContext }}
{{- with .Values.redis.master.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- else if .Values.podSecurityContext }}
{{- with .Values.podSecurityContext }}
securityContext:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}
containers:
- name: redis
image: "{{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}"

20
HelmChart/Public/oneuptime/values.yaml
View File

@@ -134,6 +134,16 @@ clickhouse:
nodeSelector: {}
tolerations: []
affinity: {}
# Optional: override global security contexts just for the ClickHouse pod/container
# podSecurityContext:
# runAsUser: 101
# runAsGroup: 101
# fsGroup: 101
# containerSecurityContext:
# allowPrivilegeEscalation: false
# readOnlyRootFilesystem: true
# capabilities:
# drop: ["ALL"]
resources: {}
# Custom ClickHouse configuration
configuration: |-
@@ -195,6 +205,16 @@ redis:
nodeSelector: {}
tolerations: []
affinity: {}
# Optional: override global security contexts just for the Redis pod/container
# podSecurityContext:
# runAsUser: 999
# runAsGroup: 999
# fsGroup: 999
# containerSecurityContext:
# allowPrivilegeEscalation: false
# readOnlyRootFilesystem: true
# capabilities:
# drop: ["ALL"]
resources: {}
commonConfiguration: |-
appendonly no