feat: Add Helm configuration for container security context (#411)

* feat: Add Helm configuration for container security context * docs: Update chart's README
grafana · Jun 10, 2024 · be7b9e0 · be7b9e0
1 parent add1c1f
commit be7b9e0
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 1 deletion.
diff --git a/charts/k6-operator/README.md b/charts/k6-operator/README.md
@@ -25,6 +25,7 @@ Kubernetes: `>=1.16.0-0`
 | Key | Type | Default | Description |
 |-----|------|---------|-------------|
 | affinity | object | `{}` | Affinity to be applied on all containers |
+| authProxy.containerSecurityContext | object | `{}` | A security context defines privileges and access control settings for the container. |
 | authProxy.enabled | bool | `true` | enables the protection of /metrics endpoint. (https://github.com/brancz/kube-rbac-proxy) |
 | authProxy.image.pullPolicy | string | `"IfNotPresent"` | pull policy for the image can be Always, Never, IfNotPresent (default: IfNotPresent) |
 | authProxy.image.registry | string | `"gcr.io"` |  |
@@ -38,6 +39,7 @@ Kubernetes: `>=1.16.0-0`
 | global.image.pullSecrets | list | `[]` | Optional set of global image pull secrets |
 | global.image.registry | string | `""` | Global image registry to use if it needs to be overridden for some specific use cases (e.g local registries, custom images, ...) |
 | installCRDs | bool | `true` | Installs CRDs as part of the release |
+| manager.containerSecurityContext | object | `{}` | A security context defines privileges and access control settings for the container. |
 | manager.env | object | `{}` | Environment variables to be applied on the controller |
 | manager.image.pullPolicy | string | `"IfNotPresent"` | pull policy for the image possible values Always, Never, IfNotPresent (default: IfNotPresent) |
 | manager.image.registry | string | `"ghcr.io"` |  |
@@ -60,4 +62,4 @@ Kubernetes: `>=1.16.0-0`
 | tolerations | object | `{}` | Tolerations to be applied on all containers |
 
 ----------------------------------------------
-Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)
+Autogenerated from chart metadata using [helm-docs v1.13.1](https://github.com/norwoodj/helm-docs/releases/v1.13.1)
diff --git a/charts/k6-operator/templates/deployment.yaml b/charts/k6-operator/templates/deployment.yaml
@@ -52,6 +52,10 @@ spec:
           ports:
             - containerPort: 8443
               name: https
+         {{- if .Values.authProxy.containerSecurityContext }}
+          securityContext:
+            {{- toYaml .Values.authProxy.containerSecurityContext | nindent 12 }}
+         {{- end }}            
         {{- end }}
         - name: manager
           image: "{{ .Values.global.image.registry | default .Values.manager.image.registry }}/{{ .Values.manager.image.repository }}:{{ .Values.manager.image.tag }}"
@@ -72,6 +76,10 @@ spec:
               {{- toYaml . | nindent 10 }}
             {{- end }}
           {{- end }}
+         {{- if .Values.manager.containerSecurityContext }}
+          securityContext:
+            {{- toYaml .Values.manager.containerSecurityContext | nindent 12 }}
+         {{- end }}
           command:
             - /manager
           args:

diff --git a/charts/k6-operator/values.yaml b/charts/k6-operator/values.yaml
@@ -55,6 +55,8 @@ authProxy:
   livenessProbe: {}
   # authProxy.readinessProbe -- Readiness probe in Probe format
   readinessProbe: {}
+  # authProxy.containerSecurityContext -- A security context defines privileges and access control settings for the container.
+  containerSecurityContext: {}
 
 manager:
   # manager.replicas -- number of controller-manager replicas (default: 1)
@@ -91,3 +93,5 @@ manager:
       cpu: 100m
       # manager.resources.requests.memory -- controller-manager Memory request (Min)
       memory: 50Mi
+  # manager.containerSecurityContext -- A security context defines privileges and access control settings for the container.
+  containerSecurityContext: {}