Add securityContext support to pre-delete Job#619
Open
Conversation
Signed-off-by: Shahar Harari <shahar.harari@sap.com>
|
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Pull Request Template
Prerequisites
Motivation
The pre-delete Helm hook Job was missing
securityContextconfiguration, making it non-compliant with restricted Pod Security Standards. Clusters enforcing these standards reject workloads without proper security context. The deployment template already supported bothmanager.podSecurityContextandmanager.securityContextvalues — the pre-delete job was the only workload missing them.Approach
Added both pod-level and container-level
securityContextsupport to the pre-delete job template (sapbtp-operator-charts/templates/pre-delete-job.yml), reusing the existingmanager.podSecurityContextandmanager.securityContextvalues fromvalues.yaml. This ensures consistent security posture across all chart workloads without introducing additional configuration. Used{{- with }}for cleaner templating.Pull Request status
Feel free to construct the checklist with whatever items seem most reasonable for your change. You could disassemble the Implementation part to even smaller separate checklist items if you're working on something big for example. But do make the effort to provide a checklist of some sort so that the core team as well as the community can have an idea about the progress of your Pull Request.
Third-party code
If you use third party code with your contribution such as, components, libraries, or snippets make sure to mention that.
Work in Progress label
For as long as development of your Pull Request is still ongoing you MUST label it with a wip label as well as prefix the name of the PR with [WIP].
For example: [WIP] Service brokers API