Merge pull request #90 from jjouanno-kwaku-it/master

Manage securityContext and podSecurityContext from values.yaml file
PrivateBin · Mar 11, 2024 · 11ee63b · 11ee63b
2 parents 49685d0 + f8e21d2
commit 11ee63b
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 7 deletions.
diff --git a/charts/privatebin/Chart.yaml b/charts/privatebin/Chart.yaml
@@ -6,7 +6,7 @@ name: privatebin
 home: https://privatebin.info/
 icon: https://raw.githubusercontent.com/PrivateBin/assets/master/images/preview/icon.png
 type: application
-version: 0.20.1
+version: 0.21.0
 maintainers:
   - name: bdashrad
     email: [email protected]

diff --git a/charts/privatebin/templates/deployment.yaml b/charts/privatebin/templates/deployment.yaml
@@ -34,10 +34,12 @@ spec:
     spec:
       serviceAccountName: {{ include "privatebin.serviceAccountName" . }}
       automountServiceAccountToken: false
+      {{- if .Values.securityContext }}
       securityContext:
-        runAsUser: {{ .Values.securityContext.runAsUser }}
-        runAsGroup: {{ .Values.securityContext.runAsGroup }}
-        fsGroup: {{ .Values.securityContext.fsGroup }}
+        {{- with .Values.securityContext }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      {{- end }}
       {{- if .Values.image.pullSecrets }}
       imagePullSecrets:
       {{- range .Values.image.pullSecrets }}
@@ -52,10 +54,12 @@ spec:
             - name: http
               containerPort: 8080
               protocol: TCP
+          {{- if .Values.podSecurityContext }}
           securityContext:
-            readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem }}
-            privileged: false
-            allowPrivilegeEscalation: false
+            {{- with .Values.podSecurityContext }}
+            {{- toYaml . | nindent 12 }}
+            {{- end }}
+          {{- end }}
           livenessProbe:
             httpGet:
               path: /

diff --git a/charts/privatebin/values.yaml b/charts/privatebin/values.yaml
@@ -57,7 +57,11 @@ securityContext:
   runAsUser: 65534
   runAsGroup: 82
   fsGroup: 82
+
+podSecurityContext:
   readOnlyRootFilesystem: true
+  privileged: false
+  allowPrivilegeEscalation: false
 
 extraVolumes: []
   # Optionally specify extra list of additional volumes for PrivateBin pod.