diff --git a/chart/skywalking/README.md b/chart/skywalking/README.md
index 74b5acc..beb55cd 100644
--- a/chart/skywalking/README.md
+++ b/chart/skywalking/README.md
@@ -60,6 +60,7 @@ The following table lists the configurable parameters of the Skywalking chart an
| `oap.resources` | OAP node resources requests & limits | `{} - cpu limit must be an integer` |
| `oap.envoy.als.enabled` | Open envoy als | `false` |
| `oap.env` | OAP environment variables | `[]` |
+| `oap.securityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) for the pod | `fsGroup: 1000`
`runAsUser: 1000` |
| `ui.name` | Web UI deployment name | `ui` |
| `ui.replicas` | Web UI k8s deployment replicas | `1` |
| `ui.image.repository` | Web UI container image name | `skywalking.docker.scarf.sh/apache/skywalking-ui` |
@@ -80,6 +81,7 @@ The following table lists the configurable parameters of the Skywalking chart an
| `ui.service.loadBalancerIP` | Load Balancer IP address | `nil` |
| `ui.service.annotations` | Kubernetes service annotations | `{}` |
| `ui.service.loadBalancerSourceRanges` | Limit load balancer source IPs to list of CIDRs (where available)) | `[]` |
+| `ui.securityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) for the pod | `fsGroup: 1000`
`runAsUser: 1000` |
| `oapInit.nodeAffinity` | OAP init job node affinity policy | `{}` |
| `oapInit.nodeSelector` | OAP init job labels for master pod assignment | `{}` |
| `oapInit.tolerations` | OAP init job tolerations | `[]` |
@@ -161,6 +163,7 @@ The following table lists the configurable parameters of the Skywalking chart an
| `satellite.resources` | Satellite node resources requests & limits | `{} - cpu limit must be an integer` |
| `satellite.podAnnotations` | Configurable [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) applied to all Satellite pods | `{}` |
| `satellite.env` | Satellite environment variables | `[]` |
+| `satellite.securityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) for the pod | `fsGroup: 1000`
`runAsUser: 1000` |
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
diff --git a/chart/skywalking/templates/oap-deployment.yaml b/chart/skywalking/templates/oap-deployment.yaml
index 6d330f5..58b5a97 100644
--- a/chart/skywalking/templates/oap-deployment.yaml
+++ b/chart/skywalking/templates/oap-deployment.yaml
@@ -42,6 +42,10 @@ spec:
{{- end }}
spec:
serviceAccountName: {{ template "skywalking.serviceAccountName.oap" . }}
+ {{- with .Values.oap.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
affinity:
{{- if eq .Values.oap.antiAffinity "hard" }}
podAntiAffinity:
diff --git a/chart/skywalking/templates/oap-init.job.yaml b/chart/skywalking/templates/oap-init.job.yaml
index d061066..71b06e8 100644
--- a/chart/skywalking/templates/oap-init.job.yaml
+++ b/chart/skywalking/templates/oap-init.job.yaml
@@ -38,6 +38,10 @@ spec:
release: {{ .Release.Name }}
spec:
serviceAccountName: {{ template "skywalking.serviceAccountName.oap" . }}
+ {{- with .Values.oap.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
{{- if .Values.oapInit.nodeAffinity }}
affinity:
{{- end }}
diff --git a/chart/skywalking/templates/satellite-deployment.yaml b/chart/skywalking/templates/satellite-deployment.yaml
index 2659904..7e01911 100644
--- a/chart/skywalking/templates/satellite-deployment.yaml
+++ b/chart/skywalking/templates/satellite-deployment.yaml
@@ -43,6 +43,11 @@ spec:
{{- end }}
spec:
serviceAccountName: {{ template "skywalking.serviceAccountName.satellite" . }}
+ {{- with .Values.satellite.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+
affinity:
{{- if eq .Values.satellite.antiAffinity "hard" }}
podAntiAffinity:
diff --git a/chart/skywalking/templates/ui-deployment.yaml b/chart/skywalking/templates/ui-deployment.yaml
index 34f56ad..738fceb 100644
--- a/chart/skywalking/templates/ui-deployment.yaml
+++ b/chart/skywalking/templates/ui-deployment.yaml
@@ -41,6 +41,11 @@ spec:
{{ toYaml .Values.ui.podAnnotations | indent 8 }}
{{- end }}
spec:
+ {{- with .Values.ui.securityContext }}
+ securityContext:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+
affinity:
{{- with .Values.ui.nodeAffinity }}
nodeAffinity:
diff --git a/chart/skywalking/values.yaml b/chart/skywalking/values.yaml
index 2e79715..13fb6ed 100644
--- a/chart/skywalking/values.yaml
+++ b/chart/skywalking/values.yaml
@@ -59,6 +59,10 @@ oap:
# memory: 4Gi
# podAnnotations:
# example: oap-foo
+ securityContext: {}
+ # runAsUser: 1000
+ # runAsGroup: 1000
+ # fsGroup: 1000
envoy:
als:
enabled: false
@@ -132,6 +136,10 @@ ui:
annotations: {}
## Limit load balancer source ips to list of CIDRs (where available)
# loadBalancerSourceRanges: []
+ securityContext: {}
+ # runAsUser: 1000
+ # runAsGroup: 1000
+ # fsGroup: 1000
oapInit:
nodeAffinity: {}
@@ -433,7 +441,10 @@ satellite:
config: {}
# satellite_config.yaml: |
# key: val
-
+ securityContext: {}
+ # runAsUser: 1000
+ # runAsGroup: 1000
+ # fsGroup: 1000
nameOverride: ""
fullnameOverride: ""