From 9f30ebfbf2f7816fabac3807d7f8b1b43444645d Mon Sep 17 00:00:00 2001
From: Christian Hernvall
Date: Thu, 25 Nov 2021 10:48:35 +0100
Subject: [PATCH 1/2] grafana: Configurable Security Context for sidecars

Signed-off-by: Christian Hernvall
---
 charts/grafana/README.md | 1 +
 charts/grafana/templates/_pod.tpl | 12 ++++++++++++
 charts/grafana/values.yaml | 1 +
 3 files changed, 14 insertions(+)

diff --git a/charts/grafana/README.md b/charts/grafana/README.md
index 41e45229d7..a43961c28f 100644
--- a/charts/grafana/README.md
+++ b/charts/grafana/README.md
@@ -141,6 +141,7 @@ This version requires Helm >= 3.1.0.
 | `sidecar.image.sha` | Sidecar image sha (optional) | `""` |
 | `sidecar.imagePullPolicy` | Sidecar image pull policy | `IfNotPresent` |
 | `sidecar.resources` | Sidecar resources | `{}` |
+| `sidecar.securityContext` | Sidecar securityContext | `{}` |
 | `sidecar.enableUniqueFilenames` | Sets the kiwigrid/k8s-sidecar UNIQUE_FILENAMES environment variable. If set to `true` the sidecar will create unique filenames where duplicate data keys exist between ConfigMaps and/or Secrets within the same or multiple Namespaces. | `false` |
 | `sidecar.dashboards.enabled` | Enables the cluster wide search for dashboards and adds/updates/deletes them in grafana | `false` |
 | `sidecar.dashboards.SCProvider` | Enables creation of sidecar provider | `true` |
diff --git a/charts/grafana/templates/_pod.tpl b/charts/grafana/templates/_pod.tpl
index 8a3305ab96..f43fef7ff3 100644
--- a/charts/grafana/templates/_pod.tpl
+++ b/charts/grafana/templates/_pod.tpl
@@ -112,6 +112,10 @@ initContainers:
 {{- end }}
 resources:
 {{ toYaml .Values.sidecar.resources | indent 6 }}
+{{- if .Values.sidecar.securityContext }}
+ securityContext:
+{{- toYaml .Values.sidecar.securityContext | nindent 6 }}
+{{- end }}
 volumeMounts:
 - name: sc-datasources-volume
 mountPath: "/etc/grafana/provisioning/datasources"
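Review bot: The same four-line `securityContext` block is pasted at three places in `_pod.tpl` (this hunk and the ones at new lines 151 and 213), and all three read the single `sidecar.securityContext` value, so the init containers that mount `sc-datasources-volume` and `sc-notifiers-volume` cannot be given a different context from the container that mounts `sc-dashboard-volume`. A restriction such as `readOnlyRootFilesystem: true` or a fixed `runAsUser` that suits one of them is forced on the others; whether all three tolerate the same settings is not visible in this diff and should be checked. If per-container control is not wanted, say so in a template comment above the first block, e.g. `{{- /* sidecar.securityContext is applied to every sidecar container, init and regular */}}`. The container definitions start and end outside these hunks.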
@@ -147,6 +151,10 @@ initContainers:
 {{- end }}
 resources:
 {{ toYaml .Values.sidecar.resources | indent 6 }}
+{{- if .Values.sidecar.securityContext }}
+ securityContext:
+{{- toYaml .Values.sidecar.securityContext | nindent 6 }}
+{{- end }}
 volumeMounts:
 - name: sc-notifiers-volume
 mountPath: "/etc/grafana/provisioning/notifiers"
@@ -205,6 +213,10 @@ containers:
 {{- end }}
 resources:
 {{ toYaml .Values.sidecar.resources | indent 6 }}
+{{- if .Values.sidecar.securityContext }}
+ securityContext:
+{{- toYaml .Values.sidecar.securityContext | nindent 6 }}
+{{- end }}
 volumeMounts:
 - name: sc-dashboard-volume
 mountPath: {{ .Values.sidecar.dashboards.folder | quote }}
diff --git a/charts/grafana/values.yaml b/charts/grafana/values.yaml
index 83b4ac799d..f94e60b037 100644
--- a/charts/grafana/values.yaml
+++ b/charts/grafana/values.yaml
@@ -625,6 +625,7 @@ sidecar:
 # requests:
 # cpu: 50m
 # memory: 50Mi
+ securityContext: {}
 # skipTlsVerify Set to true to skip tls verification for kube api calls
 # skipTlsVerify: true
 enableUniqueFilenames: false
From 34f1b48f0f454f0c61ae1eb41f528743b38ec58c Mon Sep 17 00:00:00 2001
From: Christian Hernvall
Date: Mon, 29 Nov 2021 10:29:56 +0100
Subject: [PATCH 2/2] Bump Grafana chart version to 6.17.9

Signed-off-by: Christian Hernvall
---
 charts/grafana/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/grafana/Chart.yaml b/charts/grafana/Chart.yaml
index a7978f6a7c..be8fd11cd4 100644
--- a/charts/grafana/Chart.yaml
+++ b/charts/grafana/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: grafana
-version: 6.17.8
+version: 6.17.9
 appVersion: 8.2.5
 kubeVersion: "^1.8.0-0"
 description: The leading tool for querying and visualizing time series and metrics.
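Review bot: The default `securityContext: {}` added in the `values.yaml` hunk is falsy for the `if .Values.sidecar.securityContext` guards in `_pod.tpl`, so an install with default values still renders the sidecar containers with no container-level security context, and the values file gives no hint of what a restrictive setting looks like. Following the commented-example style used for `resources` just above, add a commented block under the key, for instance `# allowPrivilegeEscalation: false`, `# capabilities: {drop: ["ALL"]}` and `# runAsNonRoot: true`. What the sidecar image needs at runtime is not visible in this diff, so the example should be tested against it before it is presented as a recommendation. The `sidecar:` mapping continues outside the hunk.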