feat: make pod securitycontext configurable in helm chart

snyk · Oct 1, 2024 · e51de40 · e51de40
1 parent 5191b13
commit e51de40
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 12 deletions.
diff --git a/snyk-monitor/templates/deployment.yaml b/snyk-monitor/templates/deployment.yaml
@@ -33,9 +33,9 @@ spec:
         {{- toYaml . | nindent 8 }}
       {{- end }}
     spec:
-      {{- with .Values.securityContext.fsGroup }}
+      {{- with .Values.podSecurityContext }}
       securityContext:
-        fsGroup: {{ int . }}
+        {{- toYaml . | nindent 8 }}
       {{- end }}
       affinity:
         nodeAffinity:
@@ -250,14 +250,10 @@ spec:
             exec:
               command:
               - "true"
+          {{- with .Values.snykMonitorSecurityContext }}
           securityContext:
-            privileged: false
-            runAsNonRoot: true
-            allowPrivilegeEscalation: false
-            readOnlyRootFilesystem: true
-            capabilities:
-              drop:
-                - ALL
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
       volumes:
         - name: docker-config
           secret:

diff --git a/snyk-monitor/values.yaml b/snyk-monitor/values.yaml
@@ -134,9 +134,17 @@ excludedNamespaces:
 #   template:
 #     spec:
 #       securityContext:
-#         fsGroup: <-- here
-securityContext:
-  fsGroup:
+#         ... <-- here
+podSecurityContext: {}
+
+snykMonitorSecurityContext:
+  privileged: false
+  runAsNonRoot: true
+  allowPrivilegeEscalation: false
+  readOnlyRootFilesystem: true
+  capabilities:
+    drop:
+      - ALL
 
 # Set node tolerations for snyk-monitor
 tolerations: []