bitnami/mariadb Add security context setup to the metrics containers (#8247)

* Add security context setup to the mariadb metrics containers Signed-off-by: Davide Madrisan <davide.madrisan@gmail.com> * Fix typo * Bump the mariadb chart version Signed-off-by: Davide Madrisan <davide.madrisan@gmail.com> * Bump minor chart version and update the README
2026-03-02 07:49:58 +08:00 · 2021-12-01 17:05:05 +01:00
parent 8f8ce3fccd
commit ebc150352f
5 changed files with 20 additions and 1 deletions
--- a/bitnami/mariadb/Chart.yaml
+++ b/bitnami/mariadb/Chart.yaml
@@ -26,4 +26,4 @@ sources:
  - https://github.com/bitnami/bitnami-docker-mariadb
  - https://github.com/prometheus/mysqld_exporter
  - https://mariadb.org
-version: 10.0.4
+version: 10.1.0
--- a/bitnami/mariadb/README.md
+++ b/bitnami/mariadb/README.md
@@ -303,6 +303,7 @@ The command removes all the Kubernetes components associated with the chart and

 | Name                                         | Description                                                                       | Value                     |
 | -------------------------------------------- | --------------------------------------------------------------------------------- | ------------------------- |
+| `metrics.containerSecurityContext.enabled`   | Metrics container securityContext                                                 | `false`                   |
 | `metrics.enabled`                            | Start a side-car prometheus exporter                                              | `false`                   |
 | `metrics.image.registry`                     | Exporter image registry                                                           | `docker.io`               |
 | `metrics.image.repository`                   | Exporter image repository                                                         | `bitnami/mysqld-exporter` |
--- a/bitnami/mariadb/templates/primary/statefulset.yaml
+++ b/bitnami/mariadb/templates/primary/statefulset.yaml
@@ -270,6 +270,9 @@ spec:
        - name: metrics
          image: {{ include "mariadb.metrics.image" . }}
          imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
+          {{- if .Values.metrics.containerSecurityContext.enabled }}
+          securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+          {{- end }}
          env:
            {{- if .Values.auth.usePasswordFiles }}
            - name: MARIADB_ROOT_PASSWORD_FILE
--- a/bitnami/mariadb/templates/secondary/statefulset.yaml
+++ b/bitnami/mariadb/templates/secondary/statefulset.yaml
@@ -253,6 +253,9 @@ spec:
        - name: metrics
          image: {{ include "mariadb.metrics.image" . }}
          imagePullPolicy: {{ .Values.metrics.image.pullPolicy | quote }}
+          {{- if .Values.metrics.containerSecurityContext.enabled }}
+          securityContext: {{- omit .Values.metrics.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+          {{- end }}
          env:
            {{- if .Values.auth.usePasswordFiles }}
            - name: MARIADB_ROOT_PASSWORD_FILE
--- a/bitnami/mariadb/values.yaml
+++ b/bitnami/mariadb/values.yaml
@@ -1023,6 +1023,18 @@ metrics:
  extraArgs:
    primary: []
    secondary: []
+  ## MariaDB metrics container Security Context
+  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+  ## @param metrics.containerSecurityContext.enabled Enable security context for MariaDB metrics container
+  ## Example:
+  ##   containerSecurityContext:
+  ##     enabled: true
+  ##     capabilities:
+  ##       drop: ["NET_RAW"]
+  ##     readOnlyRootFilesystem: true
+  ##
+  containerSecurityContext:
+    enabled: false
  ## Mysqld Prometheus exporter resource requests and limits
  ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
  ## We usually recommend not to specify default resources and to leave this as a conscious