Add Pod and Container security context overrides#74
Merged
GrigoryPervakov merged 1 commit intomainfrom Feb 4, 2026
Merged
Conversation
There was a problem hiding this comment.
Pull request overview
This PR adds support for security context overrides at both Pod and Container levels in KeeperCluster and ClickHouseCluster resources, addressing a gap in the API that prevented users from customizing security settings.
Changes:
- Added
SecurityContextfields toPodTemplateSpecandContainerTemplateSpecstructs in the API - Updated template generation logic to apply security context overrides when specified
- Added test coverage to verify security context overrides are properly applied to StatefulSets
Reviewed changes
Copilot reviewed 9 out of 11 changed files in this pull request and generated 1 comment.
Show a summary per file
| File | Description |
|---|---|
| api/v1alpha1/common.go | Added SecurityContext fields to PodTemplateSpec and ContainerTemplateSpec |
| api/v1alpha1/zz_generated.deepcopy.go | Generated DeepCopy methods for new SecurityContext fields |
| internal/controller/keeper/templates.go | Applied container and pod security context overrides in StatefulSet template |
| internal/controller/clickhouse/templates.go | Applied container and pod security context overrides in StatefulSet template |
| internal/controller/keeper/controller_test.go | Added test case to verify security context overrides are applied |
| internal/controller/clickhouse/controller_test.go | Added test case to verify security context overrides are applied |
| docs/api_reference.md | Updated documentation to reflect security context fields as overrides |
| config/crd/bases/clickhouse.com_keeperclusters.yaml | Added CRD schema for SecurityContext fields |
| config/crd/bases/clickhouse.com_clickhouseclusters.yaml | Added CRD schema for SecurityContext fields |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
GrigoryPervakov
force-pushed
the
security-context
branch
from
b991475 to
1f9cb34
Compare
GrigoryPervakov
force-pushed
the
security-context
branch
from
1f9cb34 to
0480572
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
Pod and Container security context overrides were missing
What
Added the ability to override the securityContext on the Pod or Container level
Related Issues
Fixes: #68