Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Overwrite security context and disable graphql init container #370

Merged
merged 4 commits into from
Aug 23, 2022
Merged

Overwrite security context and disable graphql init container #370

merged 4 commits into from
Aug 23, 2022

Conversation

aanogueira
Copy link
Contributor

Summary

Added possibility to overwrite security context and to disable init container for graphql db upgrades.

Importance

When using Istio, having the init container causes the the application to malfunction with Istio sidecar injection.
If we update the chart, we don't need the database to always be upgrading. So either adding the possibility to overwrite the init container security context (Istio suggestion Set the uid of the init container to 1337 using runAsUser. 1337 is the uid used by the sidecar proxy. Traffic sent by this uid is not captured by the Istio's iptables rule. Application container traffic will still be captured as usual.) or to completely disable would be pretty helpful.

Checklist

This PR:

  • adds new tests (if appropriate)
  • adds a change file in the changes/ directory (if appropriate)

zanieb
zanieb reviewed May 18, 2022
View reviewed changes
Copy link
Contributor

@zanieb zanieb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for contributing! This looks good to me. I'll probably get a review from someone on our platform team as well.

Can you restore the changes/EXAMPLE.yaml file?

@aanogueira
Copy link
Contributor Author

Sorry for the late reply.
File has been restored.

@gabcoyne
Copy link

gabcoyne commented Jun 3, 2022

This looks good to me as well

@zanieb zanieb merged commit e0fba71 into PrefectHQ:master Aug 23, 2022
@zanieb zanieb mentioned this pull request Sep 7, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zanieb zanieb zanieb approved these changes

@cicdw cicdw Awaiting requested review from cicdw

@zangell44 zangell44 Awaiting requested review from zangell44

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@aanogueira @gabcoyne @zanieb