Made security context configurable

kubernetes-sigs · Jan 24, 2023 · 1ed47d4 · 1ed47d4
1 parent ced97dc
commit 1ed47d4
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 5 deletions.
diff --git a/charts/nfs-server-provisioner/templates/statefulset.yaml b/charts/nfs-server-provisioner/templates/statefulset.yaml
@@ -73,11 +73,10 @@ spec:
             - name: statd-udp
               containerPort: 662
               protocol: UDP
+          {{- with .Values.securityContext }}
           securityContext:
-            capabilities:
-              add:
-                - DAC_READ_SEARCH
-                - SYS_RESOURCE
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           args:
             - "-provisioner={{ include "nfs-provisioner.provisionerName" . }}"
             {{- range $key, $value := .Values.extraArgs }}

diff --git a/charts/nfs-server-provisioner/values.yaml b/charts/nfs-server-provisioner/values.yaml
@@ -39,7 +39,7 @@ service:
 
 persistence:
   enabled: false
-  
+
   ## Existing Persistent Volume Claim
   ## This should be used with persistence.enabled=true
   ## If defined, an existing volume claim will be used, instead
@@ -96,6 +96,12 @@ rbac:
   ##
   serviceAccountName: default
 
+securityContext:
+  capabilities:
+    add:
+      - DAC_READ_SEARCH
+      - SYS_RESOURCE
+
 ## For creating the PriorityClass automatically:
 priorityClass:
   ## Enable creation of a PriorityClass resource for this nfs-server-provisioner instance