Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(metrics): set securityContext for metrics collector #3119

Merged
merged 1 commit into from
Jun 30, 2023
Merged

feat(metrics): set securityContext for metrics collector #3119

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .changelog/3119.added.txt
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
feat(metrics): set securityContext for metrics collector
2 changes: 1 addition & 1 deletion deploy/helm/sumologic/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -126,7 +126,7 @@ The following table lists the configurable parameters of the Sumo Logic chart an
| `sumologic.metrics.collector.otelcol.podAnnotations` | Additional annotations for the experimental otelcol metrics pods. | `{}` |
| `sumologic.metrics.collector.otelcol.podLabels` | Additional labels for the experimental otelcol metrics pods. | `{}` |
| `sumologic.metrics.collector.otelcol.priorityClassName` | Priority class name for the experimental otelcol metrics. | `null` |
| `sumologic.metrics.collector.otelcol.securityContext` | The securityContext configuration for the experimental otelcol metrics. | `{}` |
| `sumologic.metrics.collector.otelcol.securityContext` | The securityContext configuration for the experimental otelcol metrics. | `{"fsGroup": 999}` |
| `sumologic.metrics.collector.otelcol.tolerations` | Tolerations for the experimental otelcol metrics. | `[]` |
| `sumologic.traces.enabled` | Set the enabled flag to true to enable tracing ingestion. _Tracing must be enabled for the account first. Please contact your Sumo representative for activation details_ | `true` |
| `sumologic.traces.spans_per_request` | Maximum number of spans sent in single batch | `100` |
Expand Down
6 changes: 2 additions & 4 deletions deploy/helm/sumologic/templates/metrics/collector/otelcol/opentelemetrycollector.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,10 +44,6 @@ spec:
tolerations:
{{ toYaml .Values.sumologic.metrics.collector.otelcol.tolerations | indent 4 }}
{{- end }}
{{- if .Values.sumologic.metrics.collector.otelcol.securityContext }}
securityContext:
{{- toYaml .Values.sumologic.metrics.collector.otelcol.securityContext | nindent 4 }}
{{- end }}
{{- if .Values.sumologic.metrics.collector.otelcol.priorityClassName }}
priorityClassName: {{ .Values.sumologic.metrics.collector.otelcol.priorityClassName | quote }}
{{- end }}
Expand All @@ -67,6 +63,8 @@ spec:
{{- if .Values.metadata.metrics.statefulset.extraEnvVars }}
{{ toYaml .Values.metadata.metrics.statefulset.extraEnvVars | nindent 4 }}
{{- end }}
podSecurityContext:
{{ .Values.sumologic.metrics.collector.otelcol.securityContext | toYaml | nindent 4 }}
ports:
- name: pprof
port: 1777
Expand Down
13 changes: 8 additions & 5 deletions deploy/helm/sumologic/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -480,7 +480,10 @@ sumologic:
## Selector for PodMonitors used for target discovery.
## See https://github.com/open-telemetry/opentelemetry-operator/blob/main/docs/api.md#opentelemetrycollectorspectargetallocatorprometheuscr
podMonitorSelector: {}
securityContext: {}
securityContext:
## The group ID of all processes in the statefulset containers. This can be anything, but it does need to be set.
## The default is 0 (root), and containers don't have write permissions for volumes in that case.
fsGroup: 999
tolerations: []

otelcol:
Expand Down Expand Up @@ -3871,8 +3874,8 @@ metadata:
pullPolicy: IfNotPresent

securityContext:
## ToDo: Verify following comment
## The group ID of all processes in the statefulset containers. By default this needs to be otelcol(999).
## The group ID of all processes in the statefulset containers. This can be anything, but it does need to be set.
## The default is 0 (root), and containers don't have write permissions for volumes in that case.
fsGroup: 999

## Add custom labels to all otelcol sts pods(logs and metrics)
Expand Down Expand Up @@ -4279,8 +4282,8 @@ otelevents:
podAnnotations: {}

securityContext:
## ToDo: Verify following comment
## The group ID of all processes in the statefulset containers. By default this needs to be otelcol(999).
## The group ID of all processes in the statefulset containers. This can be anything, but it does need to be set.
## The default is 0 (root), and containers don't have write permissions for volumes in that case.
fsGroup: 999

## Set securityContext for containers running in pods in events statefulset.
Expand Down
2 changes: 2 additions & 0 deletions tests/helm/testdata/goldenfile/metrics_collector_otc/basic.output.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -67,6 +67,8 @@ spec:

- name: NO_PROXY
value: kubernetes.default.svc
podSecurityContext:
fsGroup: 999
ports:
- name: pprof
port: 1777
Expand Down
4 changes: 2 additions & 2 deletions tests/helm/testdata/goldenfile/metrics_collector_otc/custom.output.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -39,8 +39,6 @@ spec:
- effect: NoSchedule
key: null
operator: Exists
securityContext:
fsGroup: 999
priorityClassName: "customPriority"
autoscaler:
maxReplicas: 30
Expand Down Expand Up @@ -97,6 +95,8 @@ spec:
secretKeyRef:
key: secret_key
name: secret_name
podSecurityContext:
fsGroup: 999
ports:
- name: pprof
port: 1777
Expand Down