From 27b90e87ae2ccd78e8560036ede95fcfa041bdf9 Mon Sep 17 00:00:00 2001
From: wparr-circle
Date: Mon, 24 Jun 2024 14:28:47 +0100
Subject: [PATCH 1/2] feat: support securityContext and podSecurityContext configuration in helm chart
Signed-off-by: wparr-circle
---
 .../templates/controller/deployment.yaml | 4 ++++
 charts/pvc-autoresizer/values.yaml | 15 +++++++++++++++
 2 files changed, 19 insertions(+)
diff --git a/charts/pvc-autoresizer/templates/controller/deployment.yaml b/charts/pvc-autoresizer/templates/controller/deployment.yaml
index ecd618b..09f941e 100644
--- a/charts/pvc-autoresizer/templates/controller/deployment.yaml
+++ b/charts/pvc-autoresizer/templates/controller/deployment.yaml
@@ -70,6 +70,8 @@ spec:
 volumeMounts:
 - name: certs
 mountPath: /certs
+ securityContext:
+ {{- toYaml .Values.controller.securityContext | nindent 12 }}
 {{- with .Values.controller.nodeSelector }}
 nodeSelector:
 {{- toYaml . | nindent 8 }}
@@ -83,3 +85,5 @@ spec:
 secret:
 defaultMode: 420
 secretName: {{ template "pvc-autoresizer.fullname" . }}-controller
+ securityContext:
+ {{- toYaml .Values.controller.podSecurityContext | nindent 8 }}
diff --git a/charts/pvc-autoresizer/values.yaml b/charts/pvc-autoresizer/values.yaml
index 17d1dc7..f45c223 100644
--- a/charts/pvc-autoresizer/values.yaml
+++ b/charts/pvc-autoresizer/values.yaml
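Review bot: Both new `securityContext:` keys are rendered unconditionally, unlike the `nodeSelector` block directly below the first one, so with the default empty values every rendered manifest carries `securityContext: {}` at container and pod level. Wrapping each in `{{- with .Values.controller.securityContext }}` … `{{- end }}` and emitting `{{- toYaml . | nindent 12 }}` inside (and the same with `.Values.controller.podSecurityContext` and `nindent 8` in the second hunk) keeps the file's existing pattern and leaves the key out when nothing is configured. The indentation on this page is flattened, so whether `nindent 12` and `nindent 8` match the columns of the two keys cannot be confirmed here; a `helm template` render with a non-empty value for each would show it. The container and pod specs both start outside these hunks.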
@@ -45,6 +45,21 @@ controller: # controller.podAnnotations -- Annotations to be added to controller pods. podAnnotations: {} + # controller.podSecurityContext -- Security Context to be applied to the controller pods. + podSecurityContext: {} + + # controller.securityContext -- Security Context to be applied to the controller container within controller pods. + securityContext: {} + # allowPrivilegeEscalation: false + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + # seccompProfile: + # type: RuntimeDefault + # controller.terminationGracePeriodSeconds -- Specify terminationGracePeriodSeconds. terminationGracePeriodSeconds: # 10 From befc39d6a0a40c050e6fcd2d24c9f44f8075bb99 Mon Sep 17 00:00:00 2001 From: wparr-circle Date: Tue, 25 Jun 2024 11:16:06 +0100 Subject: [PATCH 2/2] docs: generate helm-docs for new security context values Signed-off-by: wparr-circle --- charts/pvc-autoresizer/README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/charts/pvc-autoresizer/README.md b/charts/pvc-autoresizer/README.md index b1ab61e..930b4cf 100644 --- a/charts/pvc-autoresizer/README.md +++ b/charts/pvc-autoresizer/README.md 
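Review bot: Both values default to `{}`, so an install that does not override them still runs the controller with the runtime's default privileges, and the hardened settings exist only as a commented-out example under `controller.securityContext`. If the controller image is known to run as a non-root user with a read-only root filesystem (not visible in this patch), consider shipping that block as the actual default so the chart is admitted to namespaces enforcing the Pod Security `restricted` profile without extra configuration. `controller.podSecurityContext` has no example at all; a short commented sample such as `# runAsNonRoot: true` and `# fsGroup: <gid>` would show users which fields belong at pod level rather than container level. The fixed `runAsUser: 1000` in the example deserves a comment as well, since platforms that assign UIDs per namespace may reject a hard-coded value.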
@@ -40,8 +40,10 @@ helm upgrade --create-namespace --namespace pvc-autoresizer -i pvc-autoresizer -
 | controller.nodeSelector | object | `{}` | Map of key-value pairs for scheduling pods on specific nodes. |
 | controller.podAnnotations | object | `{}` | Annotations to be added to controller pods. |
 | controller.podLabels | object | `{}` | Pod labels to be added to controller pods. |
+| controller.podSecurityContext | object | `{}` | Security Context to be applied to the controller pods. |
 | controller.replicas | int | `1` | Specify the number of replicas of the controller Pod. |
 | controller.resources | object | `{"requests":{"cpu":"100m","memory":"20Mi"}}` | Specify resources. |
+| controller.securityContext | object | `{}` | Security Context to be applied to the controller container within controller pods. |
 | controller.terminationGracePeriodSeconds | string | `nil` | Specify terminationGracePeriodSeconds. |
 | controller.tolerations | object | `{}` | Ensure pods are not scheduled on inappropriate nodes. |
 | image.pullPolicy | string | `nil` | pvc-autoresizer image pullPolicy. |