feat: support securityContext and podSecurityContext configuration in…

… helm chart Signed-off-by: wparr-circle <william.parr@circle.com>
topolvm · Jun 24, 2024 · 27b90e8 · 27b90e8
1 parent 0723820
commit 27b90e8
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 0 deletions.
diff --git a/charts/pvc-autoresizer/templates/controller/deployment.yaml b/charts/pvc-autoresizer/templates/controller/deployment.yaml
@@ -70,6 +70,8 @@ spec:
           volumeMounts:
             - name: certs
               mountPath: /certs
+          securityContext:
+            {{- toYaml .Values.controller.securityContext | nindent 12 }}
     {{- with .Values.controller.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}
@@ -83,3 +85,5 @@ spec:
           secret:
             defaultMode: 420
             secretName: {{ template "pvc-autoresizer.fullname" . }}-controller
+      securityContext:
+        {{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
diff --git a/charts/pvc-autoresizer/values.yaml b/charts/pvc-autoresizer/values.yaml
@@ -45,6 +45,21 @@ controller:
   # controller.podAnnotations -- Annotations to be added to controller pods.
   podAnnotations: {}
 
+  # controller.podSecurityContext -- Security Context to be applied to the controller pods.
+  podSecurityContext: {}
+
+  # controller.securityContext -- Security Context to be applied to the controller container within controller pods.
+  securityContext: {}
+    # allowPrivilegeEscalation: false
+    # capabilities:
+    #   drop:
+    #     - ALL
+    # readOnlyRootFilesystem: true
+    # runAsNonRoot: true
+    # runAsUser: 1000
+    # seccompProfile:
+    #   type: RuntimeDefault
+
   # controller.terminationGracePeriodSeconds -- Specify terminationGracePeriodSeconds.
   terminationGracePeriodSeconds:  # 10