Adds optional support to the secret-replicator chart for:
Passing the SECRET_NAMESPACE env var
Setting the pod securityContext
Setting the container securityContext
Why do we need this?
Firstly, in our deployment, we want to isolate secret-replicator from the secrets which it generates.
Secondly, setting securityContexts allows "locking-down" the pod in the sense of disabling privileged mode, enforcing readOnlyRootFilesystem (only at the container level).
All the changes I've proposed are opt-in, and I've updated the README accordingly.
Special notes for your reviewer:
Checklist
[Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.]
What this PR does / why we need it:
(this is a retry of https://github.com/kiwigrid/helm-charts/pull/417, since I couldn't get signed commits to work with a rebase, due to my n00bness)
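As an added illustration (not part of the PR or the chart's own templates), this is the kind of rendered Deployment the three options described above would produce, showing which hardening fields belong at pod level and which exist only at container level. The namespace names, image reference, UID and the `SECRET_NAMESPACE` value are assumptions made for the example.

```yaml
# Added example, not the chart's template. Names, image and values are constructed.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: secret-replicator
  namespace: replicator-system        # constructed namespace for the controller
spec:
  replicas: 1
  selector:
    matchLabels:
      app: secret-replicator
  template:
    metadata:
      labels:
        app: secret-replicator
    spec:
      # Pod-level securityContext: inherited by every container in the pod.
      securityContext:
        runAsNonRoot: true
        runAsUser: 65534              # constructed non-root UID
        runAsGroup: 65534
        seccompProfile:
          type: RuntimeDefault
      containers:
        - name: secret-replicator
          image: example.invalid/secret-replicator:PLACEHOLDER
          env:
            - name: SECRET_NAMESPACE
              value: replicated-secrets   # constructed value, differs from the pod's namespace
          # Container-level securityContext: these fields are not valid in the
          # pod-level block, which is why readOnlyRootFilesystem is set here.
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
```

With `readOnlyRootFilesystem: true`, any path the process writes to needs an explicit `emptyDir` or other volume mount, so check the container's logs for write failures after enabling it.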