Feat/added security context (#38)

* feat: added support of security context in polymorphic-app #37 The support for security context is added services, job, cronjob, and worker files. * fix: changed chart version #37 * fix: optimized flow control for securityContext #37 Added defaults for securityContext. Used `with` statement instead of `if` statement. SecurityContext value is picked up from objects and their templates.
2023-06-15 15:46:27 +05:30 · 2023-06-15 15:46:27 +05:30 · b562543674
parent fff1ffe3b1
commit b562543674
6 changed files with 33 additions and 4 deletions
--- a/charts/polymorphic-app/Chart.yaml
+++ b/charts/polymorphic-app/Chart.yaml
@ -4,5 +4,5 @@ description: A Helm chart for deploying any custom applications, specifically po
 maintainers:
  - name: improwised
 type: application
-version: 1.2.0
+version: 1.2.1
 appVersion: 1.0.0
--- a/charts/polymorphic-app/templates/cronjob.yaml
+++ b/charts/polymorphic-app/templates/cronjob.yaml
@ -81,6 +81,10 @@ spec:
          {{- end }}
          {{- if $.Values.cronJobTemplate.volumeMounts }}
 {{ toYaml $.Values.cronJobTemplate.volumeMounts | indent 12 }}
+          {{- end }}
+          {{- with .securityContext | default $.Values.cronJobTemplate.securityContext }}
+          securityContext:
+{{ toYaml . | indent 12 }}
          {{- end }}
          {{- with .affinity | default $.Values.cronJobTemplate.affinity }}
          affinity:
--- a/charts/polymorphic-app/templates/job.yaml
+++ b/charts/polymorphic-app/templates/job.yaml
@ -82,6 +82,10 @@ spec:
          {{- if $.Values.jobTemplate.volumeMounts }}
 {{ toYaml $.Values.jobTemplate.volumeMounts | indent 10 }}
          {{- end }}
+      {{- with .securityContext | default $.Values.jobTemplate.securityContext }}
+      securityContext:
+{{ toYaml . | indent 8 }}
+      {{- end }}
      {{- with .affinity | default $.Values.jobTemplate.affinity }}
      affinity:
      {{ toYaml . | indent 8 }}
--- a/charts/polymorphic-app/templates/service.yaml
+++ b/charts/polymorphic-app/templates/service.yaml
@ -152,6 +152,10 @@ spec:
            periodSeconds: {{ .healthcheck.periodSeconds | default $.Values.serviceTemplate.healthcheck.periodSeconds | default "20" }}
          {{- end }}
        {{- end }}
+      {{- with .securityContext | default $.Values.serviceTemplate.securityContext }}
+      securityContext:
+{{ toYaml . | indent 8 }}
+      {{- end }}
      volumes:
      {{- if .volumes }}
 {{ toYaml .volumes | indent 8 }}
--- a/charts/polymorphic-app/templates/worker.yaml
+++ b/charts/polymorphic-app/templates/worker.yaml
@ -139,6 +139,10 @@ spec:
            {{- end }}
            successThreshold: 1
        {{- end }}
+      {{- with .securityContext | default $.Values.workerTemplate.securityContext }}
+      securityContext:
+{{ toYaml . | indent 8 }}
+      {{- end }}
      volumes:
      {{- if .volumes }}
 {{ toYaml .volumes | indent 8 }}
--- a/charts/polymorphic-app/values.yaml
+++ b/charts/polymorphic-app/values.yaml
@ -61,7 +61,10 @@ serviceTemplate:
    # requests:
    #  cpu: 100m
    #  memory: 128Mi
-
+  securityContext: {}
+    # fsGroup: 1001
+    # runAsGroup: 1001
+    # runAsUser: 1001
  annotations: {}
  nodeSelector: {}
  tolerations: []
@ -120,7 +123,10 @@ workerTemplate:
    # requests:
    #  cpu: 100m
    #  memory: 128Mi
-
+  securityContext: {}
+    # fsGroup: 1001
+    # runAsGroup: 1001
+    # runAsUser: 1001
  nodeSelector: {}

  tolerations: []
@ -200,6 +206,10 @@ cronJobTemplate:
  volumeMounts: []
  annotations: {}
  volumes: []
+  securityContext: {}
+    # fsGroup: 1001
+    # runAsGroup: 1001
+    # runAsUser: 1001

 cronJobs:
 #   - name: update-status
@ -242,7 +252,10 @@ jobTemplate:
  command:
  annotations: []
  volumeMounts: []
-
+  securityContext: {}
+    # fsGroup: 1001
+    # runAsGroup: 1001
+    # runAsUser: 1001
  volumes: []

 jobs: