search

bjw-s / helm-charts

A collection of Helm charts
https://bjw-s.github.io/helm-charts/
Apache License 2.0
535 stars 100 forks source link

Add default container securityContext #204

Open JJGadgets opened 9 months ago

JJGadgets commented 9 months ago

Details

Describe the solution you'd like:

Since there is a defaultPodOptions.securityContext in app-template v2.0, it would be nice to have a defaultContainerSecurityContext or similar so that a standardized securityContext can be applied to all containers in a HelmRelease using app-template.

This would be helpful for e.g. meeting restricted pod-security policy.

JJGadgets commented 9 months ago

As noted in Discord: more consideration and discussion would be needed, for factors such as how global should this be scoped (e.g. all containers in all controllers, all containers in a given controller, etc).

onedr0p commented 3 months ago

A possible solution could be what I recommended in https://github.com/bjw-s/helm-charts/issues/254#issuecomment-2057012021 ?

I think it should apply to all containers in all controllers, since that is the behavior of defaultPodOptions