Some relatively newer security-policy settings such as seccompProfile are not rendered, which causes problems when using the chart on clusters with active security-policies.
Suggestion is to render the complete settings from values.yaml, instead of rendering particular parameters:
{{- if .Values.podSecurityContext }}
securityContext:
{{- include "common.tplvalues.render" (dict "value" .Values.podSecurityContext "context" $) | nindent 8 }}
{{- end }}
Or, preferably with the possibility to accommodate an enabled parameter:
{{- $securityContext := include "common.tplvalues.render" (dict "value" .Values.podSecurityContext "context" $) | fromYaml }}
{{- if and $securityContext $securityContext.enabled }}
securityContext: {{- omit $securityContext "enabled" | toYaml | nindent 8 }}
{{- end }}
Here are the locations that these changes are applicable:
Some relatively newer security-policy settings such as
seccompProfileare not rendered, which causes problems when using the chart on clusters with active security-policies.Suggestion is to render the complete settings from
values.yaml, instead of rendering particular parameters:Or, preferably with the possibility to accommodate an
enabledparameter:Here are the locations that these changes are applicable: