Skip to content

Addresses Issue 81 -- Adds support for container-level security contexts #82

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 9 commits into from
Sep 17, 2025
Merged

Addresses Issue 81 -- Adds support for container-level security contexts #82

merged 9 commits into from
Sep 17, 2025

Conversation

trhynard
Copy link
Contributor

Proposed changes

This PR adds support for container-level security contexts in the Deepgram Self-Hosted Helm chart, addressing issue #81. Previously, the chart only supported pod-level security contexts, which limited security configuration granularity.

Types of changes

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation update or tests (if none of the other choices apply)

Checklist

Put an x in the boxes that apply. You can also fill these out after creating the PR. If you're unsure about any of them, don't hesitate to ask. We're here to help! This is simply a reminder of what we are going to look for before merging your code.

  • I have read the CONTRIBUTING doc
  • I have tested my changes in my local self-hosted environment
    • I used this chart to install Deepgram in our non-prod k8s cluster, verified correct deployment config and that the application operates correctly
  • I have added necessary documentation (if appropriate)

Further comments

New functionality:

  • Container-level security contexts allow for more fine-grained security control, essential for enterprise deployments
  • Enables different security settings for containers within the same pod
  • Supports advanced security features like capability dropping, seccomp profiles, and privilege escalation controls

The implementation follows existing chart patterns and maintains full backward compatibility. All existing securityContext configurations will continue to work unchanged.

@trhynard trhynard requested review from therealevanhenry and a team as code owners August 21, 2025 14:28
TJ Rhynard added 5 commits August 25, 2025 22:03
Fix securityContext template references for API and Engine deployments
31aa520 
API and Engine deployments were incorrectly referencing licenseProxy.securityContext
instead of their respective api.securityContext and engine.securityContext values.
Fix misleading securityContext documentation comments
02583f9 
Comments for Engine and License Proxy securityContext fields incorrectly
stated 'for API pods' instead of their respective component names.
Add container-level security context support to Helm templates
e38e28d 
  - Add containerSecurityContext field to API, Engine, and License Proxy components
  - Add proper template conditionals for security context rendering
Clean up comments
fe91b10
helm-docs
edf92ac
@jkroll-deepgram jkroll-deepgram merged commit d46ce3b into deepgram:main Sep 17, 2025
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jkroll-deepgram jkroll-deepgram jkroll-deepgram approved these changes

@therealevanhenry therealevanhenry Awaiting requested review from therealevanhenry therealevanhenry is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@trhynard @jkroll-deepgram