chore: add container security context (#21)

* chore: add container security context * trigger build * upgrade zookeeper to 3.8.4 * update prometheus-jmx-exporter image version
hypertrace · Jun 27, 2024 · d5ff67a · d5ff67a
1 parent e51e37a
commit d5ff67a
Show file tree

Hide file tree

Showing 4 changed files with 18 additions and 5 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -1,6 +1,6 @@
 FROM alpine:latest AS downloader
 
-ARG ZOOKEEPER_VERSION=3.8.3
+ARG ZOOKEEPER_VERSION=3.8.4
 
 RUN apk add --update curl gpg gpg-agent && \
     curl -sLO https://www.apache.org/dist/zookeeper/KEYS && \

diff --git a/helm/Chart.yaml b/helm/Chart.yaml
@@ -2,5 +2,5 @@ apiVersion: v2
 name: zookeeper
 type: application
 description: zookeeper helm chart
-appVersion: 3.8.3
+appVersion: 3.8.4
 version: 0.1.0
diff --git a/helm/templates/statefulset.yaml b/helm/templates/statefulset.yaml
@@ -92,6 +92,10 @@ spec:
               mountPath: /scripts
             - name: zk-data
               mountPath: /var/lib/zookeeper/data
+          {{- with .Values.containerSecurityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
         {{- if .Values.prometheus.jmx.enabled }}
         - name: prometheus-jmx-exporter
           image: "{{ .Values.prometheus.jmx.image.repository }}:{{ .Values.prometheus.jmx.image.tag }}"
@@ -112,6 +116,10 @@ spec:
           volumeMounts:
             - name: {{ include "zookeeper.fullname" . }}-jmx-config
               mountPath: /etc/jmx-zookeeper
+          {{- with .Values.containerSecurityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
         {{- end }}
       terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
       volumes:
@@ -143,7 +151,7 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      {{- with .Values.securityContext }}
+      {{- with .Values.podSecurityContext }}
       securityContext:
         {{- toYaml . | nindent 8 }}
       {{- end }}

diff --git a/helm/values.yaml b/helm/values.yaml
@@ -59,10 +59,12 @@ nodeSelector: {}
 
 affinity: {}
 
-securityContext:
+podSecurityContext:
   runAsUser: 1000
   fsGroup: 1000
 
+containerSecurityContext: {}
+
 hostNetwork: false
 
 # Persistence volume
@@ -145,10 +147,13 @@ prometheus:
     enabled: false
     image:
       repository: hypertrace/prometheus-jmx-exporter
-      tag: 0.1.4
+      tag: 0.1.7
       pullPolicy: IfNotPresent
     port: 5556
     resources:
+      limits:
+        cpu: "0.5"
+        memory: "512Mi"
       requests:
         cpu: "0.1"
         memory: "256Mi"