jouve / charts

GNU General Public License v3.0

Expand deployment security context configurability #47

Closed ksangers closed 5 months ago

ksangers commented 5 months ago

Adds the option to configure the pod's security context using the values.yaml.

I ran into the issue that I could not add additional values to the pod's security context. So I've moved them into values.yaml.

jouve commented 5 months ago

great :)

btw, what are you adding (maybe we can use your options by default)?

ksangers commented 5 months ago

I'm using the following:

podSecurityContext:
  privileged: false
  allowPrivilegeEscalation: false
  runAsNonRoot: true
  runAsUser: 1001
  runAsGroup: 1001
  seccompProfile:
    type: RuntimeDefault
  capabilities:
    drop:
      - ALL

I can add it if you want. And if so: What should the version in Chart.yaml become?

jouve commented 5 months ago

let's do another one for seccompProfile & capabilities drop :)

jouve commented 5 months ago

@ksangers in https://github.com/jouve/charts/pull/48/files#diff-0443590f260953355c0f395b44a54dc051dbba81c3482ec59eb5e9de2b30cb88R85, I changed podSecurityContext to be securityContext of the pod & renamed your new value to containerSecurityContext for the securityContext of the mailpit container

ksangers commented 5 months ago

Nice work, thanks!
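
The split into `podSecurityContext` and `containerSecurityContext` described in the thread matters because `privileged`, `allowPrivilegeEscalation` and `capabilities` exist only on the container-level `securityContext`. The following check is an added example, not code from the chart or the pull request; the function names are hypothetical and the field sets are taken from the Kubernetes core/v1 `PodSecurityContext` and `SecurityContext` types.

```python
# Added example: field sets follow the Kubernetes core/v1 PodSecurityContext
# and (container) SecurityContext types; function names are hypothetical.
POD_FIELDS = {
    "appArmorProfile", "fsGroup", "fsGroupChangePolicy", "runAsGroup", "runAsNonRoot",
    "runAsUser", "seLinuxChangePolicy", "seLinuxOptions", "seccompProfile",
    "supplementalGroups", "supplementalGroupsPolicy", "sysctls", "windowsOptions",
}
CONTAINER_FIELDS = {
    "allowPrivilegeEscalation", "appArmorProfile", "capabilities", "privileged",
    "procMount", "readOnlyRootFilesystem", "runAsGroup", "runAsNonRoot", "runAsUser",
    "seLinuxOptions", "seccompProfile", "windowsOptions",
}

def misplaced(values):
    """Return {values key: sorted fields that do not exist at that level}."""
    allowed = {"podSecurityContext": POD_FIELDS,
               "containerSecurityContext": CONTAINER_FIELDS}
    report = {}
    for key, fields in allowed.items():
        bad = sorted(set(values.get(key) or {}) - fields)
        if bad:
            report[key] = bad
    return report

def split(flat):
    """Split one flat mapping into pod-level and container-level values.

    Fields valid at both levels stay on the pod, where they apply to every
    container; container-only fields move; unknown fields raise ValueError.
    """
    unknown = sorted(set(flat) - POD_FIELDS - CONTAINER_FIELDS)
    if unknown:
        raise ValueError(f"not a securityContext field: {unknown}")
    pod = {k: v for k, v in flat.items() if k in POD_FIELDS}
    ctr = {k: v for k, v in flat.items() if k not in POD_FIELDS}
    return {"podSecurityContext": pod, "containerSecurityContext": ctr}

# The settings posted in the thread, written as a Python mapping.
THREAD_VALUES = {
    "privileged": False, "allowPrivilegeEscalation": False,
    "runAsNonRoot": True, "runAsUser": 1001, "runAsGroup": 1001,
    "seccompProfile": {"type": "RuntimeDefault"},
    "capabilities": {"drop": ["ALL"]},
}

if __name__ == "__main__":
    print(misplaced({"podSecurityContext": THREAD_VALUES}))
    print(split(THREAD_VALUES))
```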