Feat/added security context (#38)

* feat: added support of security context in polymorphic-app #37 The support for security context is added services, job, cronjob, and worker files. * fix: changed chart version #37 * fix: optimized flow control for securityContext #37 Added defaults for securityContext. Used `with` statement instead of `if` statement. SecurityContext value is picked up from objects and their templates.
Improwised · Jun 15, 2023 · b562543 · b562543
1 parent fff1ffe
commit b562543
Show file tree

Hide file tree

Showing 6 changed files with 33 additions and 4 deletions.
diff --git a/charts/polymorphic-app/Chart.yaml b/charts/polymorphic-app/Chart.yaml
@@ -4,5 +4,5 @@ description: A Helm chart for deploying any custom applications, specifically po
 maintainers:
   - name: improwised
 type: application
-version: 1.2.0
+version: 1.2.1
 appVersion: 1.0.0
diff --git a/charts/polymorphic-app/templates/cronjob.yaml b/charts/polymorphic-app/templates/cronjob.yaml
@@ -81,6 +81,10 @@ spec:
           {{- end }}
           {{- if $.Values.cronJobTemplate.volumeMounts }}
 {{ toYaml $.Values.cronJobTemplate.volumeMounts | indent 12 }}
+          {{- end }}
+          {{- with .securityContext | default $.Values.cronJobTemplate.securityContext }}
+          securityContext:
+{{ toYaml . | indent 12 }}
           {{- end }}
           {{- with .affinity | default $.Values.cronJobTemplate.affinity }}
           affinity:

diff --git a/charts/polymorphic-app/templates/job.yaml b/charts/polymorphic-app/templates/job.yaml
@@ -82,6 +82,10 @@ spec:
           {{- if $.Values.jobTemplate.volumeMounts }}
 {{ toYaml $.Values.jobTemplate.volumeMounts | indent 10 }}
           {{- end }}
+      {{- with .securityContext | default $.Values.jobTemplate.securityContext }}
+      securityContext:
+{{ toYaml . | indent 8 }}
+      {{- end }}
       {{- with .affinity | default $.Values.jobTemplate.affinity }}
       affinity:
       {{ toYaml . | indent 8 }}

diff --git a/charts/polymorphic-app/templates/service.yaml b/charts/polymorphic-app/templates/service.yaml
@@ -152,6 +152,10 @@ spec:
             periodSeconds: {{ .healthcheck.periodSeconds | default $.Values.serviceTemplate.healthcheck.periodSeconds | default "20" }}
           {{- end }}
         {{- end }}
+      {{- with .securityContext | default $.Values.serviceTemplate.securityContext }}
+      securityContext:
+{{ toYaml . | indent 8 }}
+      {{- end }}
       volumes:
       {{- if .volumes }}
 {{ toYaml .volumes | indent 8 }}

diff --git a/charts/polymorphic-app/templates/worker.yaml b/charts/polymorphic-app/templates/worker.yaml
@@ -139,6 +139,10 @@ spec:
             {{- end }}
             successThreshold: 1
         {{- end }}
+      {{- with .securityContext | default $.Values.workerTemplate.securityContext }}
+      securityContext:
+{{ toYaml . | indent 8 }}
+      {{- end }}
       volumes:
       {{- if .volumes }}
 {{ toYaml .volumes | indent 8 }}

diff --git a/charts/polymorphic-app/values.yaml b/charts/polymorphic-app/values.yaml
@@ -61,7 +61,10 @@ serviceTemplate:
     # requests:
     #  cpu: 100m
     #  memory: 128Mi
-
+  securityContext: {}
+    # fsGroup: 1001
+    # runAsGroup: 1001
+    # runAsUser: 1001
   annotations: {}
   nodeSelector: {}
   tolerations: []
@@ -120,7 +123,10 @@ workerTemplate:
     # requests:
     #  cpu: 100m
     #  memory: 128Mi
-
+  securityContext: {}
+    # fsGroup: 1001
+    # runAsGroup: 1001
+    # runAsUser: 1001
   nodeSelector: {}
 
   tolerations: []
@@ -200,6 +206,10 @@ cronJobTemplate:
   volumeMounts: []
   annotations: {}
   volumes: []
+  securityContext: {}
+    # fsGroup: 1001
+    # runAsGroup: 1001
+    # runAsUser: 1001
 
 cronJobs:
 #   - name: update-status
@@ -242,7 +252,10 @@ jobTemplate:
   command:
   annotations: []
   volumeMounts: []
-
+  securityContext: {}
+    # fsGroup: 1001
+    # runAsGroup: 1001
+    # runAsUser: 1001
   volumes: []
 
 jobs: