diff --git a/charts/privatebin/Chart.yaml b/charts/privatebin/Chart.yaml index b85f20e..44d601d 100644 --- a/charts/privatebin/Chart.yaml +++ b/charts/privatebin/Chart.yaml @@ -6,7 +6,7 @@ name: privatebin home: https://privatebin.info/ icon: https://raw.githubusercontent.com/PrivateBin/assets/master/images/preview/icon.png type: application -version: 0.20.1 +version: 0.21.0 maintainers: - name: bdashrad email: bdashrad@gmail.com diff --git a/charts/privatebin/templates/deployment.yaml b/charts/privatebin/templates/deployment.yaml index c741af2..063fcd6 100644 --- a/charts/privatebin/templates/deployment.yaml +++ b/charts/privatebin/templates/deployment.yaml @@ -34,10 +34,12 @@ spec: spec: serviceAccountName: {{ include "privatebin.serviceAccountName" . }} automountServiceAccountToken: false + {{- if .Values.securityContext }} securityContext: - runAsUser: {{ .Values.securityContext.runAsUser }} - runAsGroup: {{ .Values.securityContext.runAsGroup }} - fsGroup: {{ .Values.securityContext.fsGroup }} + {{- with .Values.securityContext }} + {{- toYaml . | nindent 8 }} + {{- end }} + {{- end }} {{- if .Values.image.pullSecrets }} imagePullSecrets: {{- range .Values.image.pullSecrets }} @@ -52,10 +54,12 @@ spec: - name: http containerPort: 8080 protocol: TCP + {{- if .Values.podSecurityContext }} securityContext: - readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem }} - privileged: false - allowPrivilegeEscalation: false + {{- with .Values.podSecurityContext }} + {{- toYaml . | nindent 12 }} + {{- end }} + {{- end }} livenessProbe: httpGet: path: / diff --git a/charts/privatebin/values.yaml b/charts/privatebin/values.yaml index b69211b..acea891 100644 --- a/charts/privatebin/values.yaml +++ b/charts/privatebin/values.yaml @@ -57,7 +57,11 @@ securityContext: runAsUser: 65534 runAsGroup: 82 fsGroup: 82 + +podSecurityContext: readOnlyRootFilesystem: true + privileged: false + allowPrivilegeEscalation: false extraVolumes: [] # Optionally specify extra list of additional volumes for PrivateBin pod.