Add securityContext and podSecurityContext in Helm Chart

jertel · Jun 21, 2021 · d96aed4 · d96aed4
1 parent 5a56ccd
commit d96aed4
Show file tree

Hide file tree

Showing 3 changed files with 19 additions and 0 deletions.
diff --git a/chart/elastalert2/README.md b/chart/elastalert2/README.md
@@ -50,6 +50,8 @@ The command removes all the Kubernetes components associated with the chart and
 | `image.tag`                                  | docker image tag                                                                                                              | 2.1.1                           |
 | `image.pullPolicy`                           | image pull policy                                                                                                             | IfNotPresent                    |
 | `podAnnotations`                             | Annotations to be added to pods                                                                                               | {}                              |
+| `podSecurityContext`                         | Configurable podSecurityContext for pod execution environment                                                                 | {}                              |
+| `securityContext`                            | Allows you to set the securityContext for the container                                                                       | {}                              |
 | `command`                                    | command override for container                                                                                                | `NULL`                          |
 | `args`                                       | args override for container                                                                                                   | `NULL`                          |
 | `replicaCount`                               | number of replicas to run                                                                                                     | 1                               |

diff --git a/chart/elastalert2/templates/deployment.yaml b/chart/elastalert2/templates/deployment.yaml
@@ -28,10 +28,18 @@ spec:
         release: {{ .Release.Name }}
     spec:
       serviceAccountName: {{ include "elastalert.serviceAccountName" . }}
+{{- if .Values.podSecurityContext }}
+      securityContext:
+{{ toYaml .Values.podSecurityContext | indent 8 }}
+{{- end }}
       containers:
       - name: elastalert
         image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
         imagePullPolicy: {{ .Values.image.pullPolicy }}
+{{- if .Values.securityContext }}
+        securityContext:
+{{ toYaml .Values.securityContext | indent 10 }}
+{{- end }}
 {{- if .Values.command }}
         command:
 {{ toYaml .Values.command | indent 10 }}

diff --git a/chart/elastalert2/values.yaml b/chart/elastalert2/values.yaml
@@ -197,6 +197,15 @@ serviceAccount:
 podSecurityPolicy:
   create: false
 
+# securityContext:
+#   runAsNonRoot: true
+#   runAsUser: 1000
+
+# podSecurityContext:
+#   fsGroup: 1000
+#   runAsUser: 1000
+#   runAsGroup: 1000
+
 # Support using node selectors and tolerations
 # nodeSelector:
 #   "node-role.kubernetes.io/infra_worker": "true"