From b562543674cb079eaf567531bf79e5d923ac8991 Mon Sep 17 00:00:00 2001
From: HUSSAIN GANDHI <69318875+Hussain-Gandhi@users.noreply.github.com>
Date: Thu, 15 Jun 2023 15:46:27 +0530
Subject: [PATCH] Feat/added security context (#38)

* feat: added support of security context in polymorphic-app #37

The support for security context is added services, job, cronjob, and worker files.

* fix: changed chart version #37

* fix: optimized flow control for securityContext #37

Added defaults for securityContext. Used `with` statement instead of `if` statement. SecurityContext value is picked up from objects and their templates.
---
 charts/polymorphic-app/Chart.yaml | 2 +-
 charts/polymorphic-app/templates/cronjob.yaml | 4 ++++
 charts/polymorphic-app/templates/job.yaml | 4 ++++
 charts/polymorphic-app/templates/service.yaml | 4 ++++
 charts/polymorphic-app/templates/worker.yaml | 4 ++++
 charts/polymorphic-app/values.yaml | 19 ++++++++++++++++---
 6 files changed, 33 insertions(+), 4 deletions(-)

diff --git a/charts/polymorphic-app/Chart.yaml b/charts/polymorphic-app/Chart.yaml
index e69654c..4a21f2c 100644
--- a/charts/polymorphic-app/Chart.yaml
+++ b/charts/polymorphic-app/Chart.yaml
@@ -4,5 +4,5 @@ description: A Helm chart for deploying any custom applications, specifically po
 maintainers:
 - name: improwised
 type: application
-version: 1.2.0
+version: 1.2.1
 appVersion: 1.0.0
diff --git a/charts/polymorphic-app/templates/cronjob.yaml b/charts/polymorphic-app/templates/cronjob.yaml
index eda81e3..86e22dc 100644
--- a/charts/polymorphic-app/templates/cronjob.yaml
+++ b/charts/polymorphic-app/templates/cronjob.yaml
@@ -81,6 +81,10 @@ spec:
 {{- end }}
 {{- if $.Values.cronJobTemplate.volumeMounts }}
 {{ toYaml $.Values.cronJobTemplate.volumeMounts | indent 12 }}
+ {{- end }}
+ {{- with .securityContext | default $.Values.cronJobTemplate.securityContext }}
+ securityContext:
+{{ toYaml . | indent 12 }}
 {{- end }}
 {{- with .affinity | default $.Values.cronJobTemplate.affinity }}
 affinity:
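Review bot: The new `securityContext` block is emitted beside the pod-level `affinity` key, so what the chart exposes is a PodSecurityContext; container-level hardening fields such as `allowPrivilegeEscalation`, `capabilities` or `readOnlyRootFilesystem` are not valid at that level and would be dropped or rejected by the API server depending on its field validation, so a user who sets them through this value gets no hardening and no obvious error. The job.yaml, service.yaml and worker.yaml hunks place their block at the same level and share this point. Note also that `.securityContext | default $.Values.cronJobTemplate.securityContext` replaces the template map wholesale rather than merging, and because `default` treats an empty map as unset, a per-cronjob `securityContext: {}` falls back to the template value instead of opting out. A one-line comment above the `with` would make both explicit, e.g. `{{/* Pod-level securityContext; a per-object value replaces the template default (no merge) */}}`. The enclosing block (presumably a `range` over the cronjob list) starts and ends outside the hunk, and the original indentation is not recoverable from this rendering, so the nesting is inferred from the sibling keys.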
diff --git a/charts/polymorphic-app/templates/job.yaml b/charts/polymorphic-app/templates/job.yaml
index bcdcdbf..f9fb6e8 100644
--- a/charts/polymorphic-app/templates/job.yaml
+++ b/charts/polymorphic-app/templates/job.yaml
@@ -82,6 +82,10 @@ spec:
 {{- if $.Values.jobTemplate.volumeMounts }}
 {{ toYaml $.Values.jobTemplate.volumeMounts | indent 10 }}
 {{- end }}
+ {{- with .securityContext | default $.Values.jobTemplate.securityContext }}
+ securityContext:
+{{ toYaml . | indent 8 }}
+ {{- end }}
 {{- with .affinity | default $.Values.jobTemplate.affinity }}
 affinity:
 {{ toYaml . | indent 8 }}
diff --git a/charts/polymorphic-app/templates/service.yaml b/charts/polymorphic-app/templates/service.yaml
index 7529cc5..5653b9a 100644
--- a/charts/polymorphic-app/templates/service.yaml
+++ b/charts/polymorphic-app/templates/service.yaml
@@ -152,6 +152,10 @@ spec:
 periodSeconds: {{ .healthcheck.periodSeconds | default $.Values.serviceTemplate.healthcheck.periodSeconds | default "20" }}
 {{- end }}
 {{- end }}
+ {{- with .securityContext | default $.Values.serviceTemplate.securityContext }}
+ securityContext:
+{{ toYaml . | indent 8 }}
+ {{- end }}
 volumes:
 {{- if .volumes }}
 {{ toYaml .volumes | indent 8 }}
diff --git a/charts/polymorphic-app/templates/worker.yaml b/charts/polymorphic-app/templates/worker.yaml
index 8ddf4c7..fd52555 100644
--- a/charts/polymorphic-app/templates/worker.yaml
+++ b/charts/polymorphic-app/templates/worker.yaml
@@ -139,6 +139,10 @@ spec:
 {{- end }}
 successThreshold: 1
 {{- end }}
+ {{- with .securityContext | default $.Values.workerTemplate.securityContext }}
+ securityContext:
+{{ toYaml . | indent 8 }}
+ {{- end }}
 volumes:
 {{- if .volumes }}
 {{ toYaml .volumes | indent 8 }}
diff --git a/charts/polymorphic-app/values.yaml b/charts/polymorphic-app/values.yaml
index 691849c..d08e184 100644
--- a/charts/polymorphic-app/values.yaml
+++ b/charts/polymorphic-app/values.yaml
@@ -61,7 +61,10 @@ serviceTemplate: # requests: # cpu: 100m # memory: 128Mi - + securityContext: {} + # fsGroup: 1001 + # runAsGroup: 1001 + # runAsUser: 1001 annotations: {} nodeSelector: {} tolerations: [] @@ -120,7 +123,10 @@ workerTemplate: # requests: # cpu: 100m # memory: 128Mi - + securityContext: {} + # fsGroup: 1001 + # runAsGroup: 1001 + # runAsUser: 1001 nodeSelector: {} tolerations: [] @@ -200,6 +206,10 @@ cronJobTemplate: volumeMounts: [] annotations: {} volumes: [] + securityContext: {} + # fsGroup: 1001 + # runAsGroup: 1001 + # runAsUser: 1001 cronJobs: # - name: update-status @@ -242,7 +252,10 @@ jobTemplate: command: annotations: [] volumeMounts: [] - + securityContext: {} + # fsGroup: 1001 + # runAsGroup: 1001 + # runAsUser: 1001 volumes: [] jobs:
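Review bot: The new `securityContext: {}` default under `serviceTemplate` carries commented examples (`fsGroup`, `runAsGroup`, `runAsUser`) but no comment saying where the value lands or how it combines with a per-service value, which matters because the templates render it at pod level and a per-object value replaces this map rather than merging with it. A comment above the key such as `# Pod-level securityContext (PodSecurityContext) applied to every service; a service's own securityContext replaces this map entirely. An empty map renders nothing.` would capture that, and the same applies to the `workerTemplate`, `cronJobTemplate` and `jobTemplate` hunks below. Since the chart now has a place for it, adding `# runAsNonRoot: true` to the commented examples would point users at the pod-level setting that most directly reduces risk.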