fix: update securityContext configuration to allow running in restric… #196
98jan wants to merge 3 commits into
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 1fd271de0f
ℹ️ About Codex in GitHub
Codex has been enabled to automatically review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
When you sign up for Codex through ChatGPT, Codex can also answer questions or update the PR, like "@codex address that feedback".
| done; | ||
| echo "Database ready to accept connections." ; | ||
| {{- if .Values.securityContext }} | ||
| securityContext: {{ .Values.securityContext | toYaml | nindent 8 }} |
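Review bot: on the last two lines the `if` guard and the rendered value both spell out `.Values.securityContext`; wrapping the key in `{{- with .Values.securityContext }}` and rendering `{{- toYaml . | nindent N }}` inside it keeps the two from drifting apart. The matching `{{- end }}` falls outside the lines shown here, so confirm it closes directly after the `securityContext:` line and does not swallow the next container field.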
Nest migrations securityContext values under the key
When .Values.securityContext is set, this template renders securityContext: and then emits the map at the same indentation (nindent 8), so fields like runAsUser become sibling container keys instead of children of securityContext. In Kubernetes, that yields invalid container specs (unknown top-level fields) and causes the migrations Job to fail to create. The same indentation pattern is repeated for the other two container-level securityContext insertions in this file.
Useful? React with 👍 / 👎.
Corrected, the indentation was really too small.
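The indentation problem raised in the review comment above, reproduced as an added example (not code from the PR or the chart): a Python stand-in for `toYaml | nindent N` that reports which fields fail to nest under `securityContext`. The key indentation of 8, the sample values and the image name are assumptions constructed for the illustration.

```python
# Added example: emulates Helm's `toYaml | nindent N` for a flat map and
# checks where the fields land. KEY_INDENT is an assumption (the review
# comment says the map is emitted at the same indentation as the key).
KEY_INDENT = 8
SECURITY_CONTEXT = {  # constructed sample for .Values.securityContext
    "runAsUser": 1000,
    "runAsNonRoot": True,
    "readOnlyRootFilesystem": True,
}

def to_yaml(mapping):
    """Flat-map stand-in for Helm's toYaml (scalar values only)."""
    def scalar(v):
        return str(v).lower() if isinstance(v, bool) else str(v)
    return "\n".join(f"{k}: {scalar(v)}" for k, v in mapping.items())

def nindent(width, text):
    """Same contract as Sprig's nindent: a newline, then every line indented."""
    pad = " " * width
    return "\n" + "\n".join(pad + line for line in text.splitlines())

def render(key_indent, nindent_width, values=SECURITY_CONTEXT):
    """Render a container fragment ending in `securityContext: {{ ... }}`."""
    pad = " " * key_indent
    head = f"{pad}image: example/app:constructed\n{pad}securityContext:"
    return head + nindent(nindent_width, to_yaml(values))

def parents(rendered):
    """Map each key to its parent key, nesting by indentation as YAML does."""
    stack, result = [], {}  # stack holds (indent, key) of open mappings
    for line in rendered.splitlines():
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key = line.strip().split(":", 1)[0]
        while stack and stack[-1][0] >= indent:
            stack.pop()
        result[key] = stack[-1][1] if stack else None
        stack.append((indent, key))
    return result

def misplaced_fields(key_indent, nindent_width):
    """Fields that did not end up as children of securityContext."""
    tree = parents(render(key_indent, nindent_width))
    return sorted(k for k in SECURITY_CONTEXT if tree[k] != "securityContext")

if __name__ == "__main__":
    for width in (KEY_INDENT, KEY_INDENT + 2):
        print(f"nindent {width}: misplaced = {misplaced_fields(KEY_INDENT, width)}")
        print(render(KEY_INDENT, width), end="\n\n")
```

With the key at 8 spaces, `nindent 8` leaves every field as a sibling of `securityContext`, while `nindent 10` nests them.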
💡 Codex Review
Reviewed commit: 846c547eb9
| args: ['{{ include "chatwoot.fullname" . }}:{{ .Values.services.targetPort }}'] | ||
| {{- if .Values.securityContext }} | ||
| securityContext: {{ .Values.securityContext | toYaml | nindent 8 }} |
Use non-writing wget mode in connection test pod
This hook pod now inherits .Values.securityContext, but the command still runs plain wget <url>, which performs a download/write by default (wget --help exposes --spider as the no-download mode). In hardened setups (for example runAsNonRoot and/or readOnlyRootFilesystem from chart security settings), that can make helm test fail due to filesystem write restrictions even when the service is reachable. Switching the probe command to a non-writing mode avoids false-negative test failures.
Useful? React with 👍 / 👎.
Hi @vishnu-narayanan, any news about this PR? Thank you!
…ted environments