Skip to content

Commit

Permalink
Allow specifying pod and container securityContext and fix intendatio…
Browse files Browse the repository at this point in the history 
…ns to make yamllint happy (kuskoman#321)

* Allow specifying securityContext that only applies to pods or containers

* Fix indentations for other parts
  • Loading branch information
@AlexanderThaller
AlexanderThaller authored Apr 8, 2024
1 parent c02df9d commit a863c1e
Show file tree
Hide file tree
Showing 4 changed files with 53 additions and 25 deletions.
38 changes: 20 additions & 18 deletions chart/README.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,24 +42,26 @@

### Deployment settings

| Name | Description | Value |
| ------------------------------ | ------------------------------------------------------------ | -------- |
| `deployment.replicas` | Number of replicas for the deployment | `1` |
| `deployment.restartPolicy` | Restart policy for the deployment. | `Always` |
| `deployment.annotations` | Additional deployment annotations | `{}` |
| `deployment.labels` | Additional deployment labels | `{}` |
| `deployment.pullSecret` | Kubernetes secret for pulling the image | `[]` |
| `deployment.resources` | Resource requests and limits | `{}` |
| `deployment.nodeSelector` | Node selector for the deployment | `{}` |
| `deployment.tolerations` | Tolerations for the deployment | `[]` |
| `deployment.podAnnotations` | Additional pod annotations | `{}` |
| `deployment.podLabels` | Additional pod labels | `{}` |
| `deployment.affinity` | Affinity for the deployment | `{}` |
| `deployment.env` | Additional environment variables | `{}` |
| `deployment.envFrom` | Additional environment variables from config maps or secrets | `[]` |
| `deployment.priorityClassName` | Priority class name for the deployment | `""` |
| `deployment.dnsConfig` | DNS configuration for the deployment | `{}` |
| `deployment.securityContext` | Security context for the deployment | `{}` |
| Name | Description | Value |
| ------------------------------------- | ---------------------------------------------------------------------- | -------- |
| `deployment.replicas` | Number of replicas for the deployment | `1` |
| `deployment.restartPolicy` | Restart policy for the deployment. | `Always` |
| `deployment.annotations` | Additional deployment annotations | `{}` |
| `deployment.labels` | Additional deployment labels | `{}` |
| `deployment.pullSecret` | Kubernetes secret for pulling the image | `[]` |
| `deployment.resources` | Resource requests and limits | `{}` |
| `deployment.nodeSelector` | Node selector for the deployment | `{}` |
| `deployment.tolerations` | Tolerations for the deployment | `[]` |
| `deployment.podAnnotations` | Additional pod annotations | `{}` |
| `deployment.podLabels` | Additional pod labels | `{}` |
| `deployment.affinity` | Affinity for the deployment | `{}` |
| `deployment.env` | Additional environment variables | `{}` |
| `deployment.envFrom` | Additional environment variables from config maps or secrets | `[]` |
| `deployment.priorityClassName` | Priority class name for the deployment | `""` |
| `deployment.dnsConfig` | DNS configuration for the deployment | `{}` |
| `deployment.securityContext` | Security context for the deployment | `{}` |
| `deployment.podSecurityContext` | Security context for the deployment that only applies to the pod | `{}` |
| `deployment.containerSecurityContext` | Security context for the deployment that only applies to the container | `{}` |

### Liveness probe settings

Expand Down
10 changes: 10 additions & 0 deletions chart/schema.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -168,6 +168,16 @@
"description": "Security context for the deployment",
"default": {}
},
"podSecurityContext": {
"type": "object",
"description": "Security context for the deployment that only applies to the pod",
"default": {}
},
"containerSecurityContext": {
"type": "object",
"description": "Security context for the deployment that only applies to the container",
"default": {}
},
"livenessProbe": {
"type": "object",
"properties": {
Expand Down
24 changes: 17 additions & 7 deletions chart/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,9 +72,14 @@ spec:
{{- toYaml .Values.deployment.nodeSelector | nindent 8 }}
{{- end }}

{{- if .Values.deployment.securityContext }}
{{- if or .Values.deployment.securityContext .Values.deployment.podSecurityContext }}
securityContext:
{{- toYaml .Values.deployment.securityContext | nindent 8 }}
{{- if .Values.deployment.securityContext }}
{{- toYaml .Values.deployment.securityContext | nindent 8 }}
{{- end }}
{{- if .Values.deployment.podSecurityContext }}
{{- toYaml .Values.deployment.podSecurityContext | nindent 8 }}
{{- end }}
{{- end }}

{{- if .Values.deployment.dnsConfig }}
Expand All @@ -101,22 +106,27 @@ spec:

{{- if .Values.deployment.resources }}
resources:
{{- toYaml .Values.deployment.resources | nindent 12 }}
{{- toYaml .Values.deployment.resources | nindent 10 }}
{{- end }}

{{- if .Values.deployment.livenessProbe }}
livenessProbe:
{{- toYaml .Values.deployment.livenessProbe | nindent 12 }}
{{- toYaml .Values.deployment.livenessProbe | nindent 10 }}
{{- end }}

{{- if .Values.deployment.readinessProbe }}
readinessProbe:
{{- toYaml .Values.deployment.readinessProbe | nindent 12 }}
{{- toYaml .Values.deployment.readinessProbe | nindent 10 }}
{{- end }}

{{- with .Values.deployment.securityContext }}
{{- if or .Values.deployment.securityContext .Values.deployment.containerSecurityContext }}
securityContext:
{{- toYaml . | nindent 10 }}
{{- if .Values.deployment.securityContext }}
{{- toYaml .Values.deployment.securityContext | nindent 10 }}
{{- end }}
{{- if .Values.deployment.containerSecurityContext }}
{{- toYaml .Values.deployment.containerSecurityContext | nindent 10 }}
{{- end }}
{{- end }}
ports:
- name: http
Expand Down
6 changes: 6 additions & 0 deletions chart/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -114,6 +114,12 @@ deployment:
## @param deployment.securityContext Security context for the deployment
##
securityContext: {}
## @param deployment.podSecurityContext Security context for the deployment that only applies to the pod
##
podSecurityContext: {}
## @param deployment.containerSecurityContext Security context for the deployment that only applies to the container
##
containerSecurityContext: {}
## @section Liveness probe settings
##
livenessProbe:
Expand Down

0 comments on commit a863c1e

Please sign in to comment.