Skip to content

Commit 65d4b0b

Browse files
ErikMeltonErikMelton
committed
Combine the security contexts
1 parent 5970308 commit 65d4b0b

7 files changed

Lines changed: 51 additions & 11 deletions

File tree

charts/common/templates/_container.yaml

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,11 +2,19 @@
22
name: {{ template "robustName" .Release.Name }}
33
{{- if .Values.securityContext }}
44
securityContext:
5-
{{- toYaml .Values.securityContext | nindent 2 }}
5+
runAsNonRoot: {{ hasKey .Values.securityContext "runAsNonRoot" | ternary .Values.securityContext.runAsNonRoot true }}
6+
runAsUser: {{ hasKey .Values.securityContext "runAsUser" | ternary .Values.securityContext.runAsUser 621 }}
7+
readOnlyRootFilesystem: {{ hasKey .Values.securityContext "readOnlyRootFilesystem" | ternary .Values.securityContext.readOnlyRootFilesystem true }}
8+
{{- range $key, $value := .Values.securityContext }}
9+
{{- if not (or (eq $key "runAsNonRoot") (eq $key "runAsUser") (eq $key "readOnlyRootFilesystem")) }}
10+
{{ $key }}: {{ $value }}
11+
{{- end }}
12+
{{- end }}
613
{{- else }}
714
securityContext:
815
runAsNonRoot: true
916
runAsUser: 621
17+
readOnlyRootFilesystem: true
1018
{{- end }}
1119
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
1220
imagePullPolicy: {{ .Values.image.pullPolicy }}

charts/common/templates/_podSpec.yaml

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,7 +7,13 @@ imagePullSecrets:
77
{{- end }}
88
{{- if .Values.podSecurityContext }}
99
securityContext:
10-
{{- toYaml .Values.podSecurityContext | nindent 2 }}
10+
runAsNonRoot: {{ hasKey .Values.podSecurityContext "runAsNonRoot" | ternary .Values.podSecurityContext.runAsNonRoot true }}
11+
runAsUser: {{ hasKey .Values.podSecurityContext "runAsUser" | ternary .Values.podSecurityContext.runAsUser 621 }}
12+
{{- range $key, $value := .Values.podSecurityContext }}
13+
{{- if not (or (eq $key "runAsNonRoot") (eq $key "runAsUser")) }}
14+
{{ $key }}: {{ $value }}
15+
{{- end }}
16+
{{- end }}
1117
{{- else }}
1218
securityContext:
1319
runAsNonRoot: true

charts/cron-job/charts/common-1.0.1.tgz

129 Bytes
Binary file not shown.

charts/onechart/charts/common-1.0.1.tgz

130 Bytes
Binary file not shown.

docs/cron-job-0.11.0.tgz

6.52 KB
Binary file not shown.

docs/index.yaml

Lines changed: 35 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -2,20 +2,33 @@ apiVersion: v1
22
entries:
33
cron-job:
44
- apiVersion: v2
5-
created: "2025-06-18T10:38:25.777238+02:00"
5+
created: "2025-06-18T11:49:00.249778+02:00"
66
dependencies:
77
- name: common
88
repository: file://../common
99
version: 1.0.1
1010
description: A generic Helm chart for your application deployments.
11-
digest: 1891ba65b541ac7e0fd410a20fb2db3b12983de77e7e1f33b7e5b766a1d62f50
11+
digest: 62f580bfdf3fbcd8317f7c229abf14ac7539c6b9b75279ad1c8d1f4ae7d5363a
12+
name: cron-job
13+
type: application
14+
urls:
15+
- cron-job-0.11.0.tgz
16+
version: 0.11.0
17+
- apiVersion: v2
18+
created: "2025-06-18T11:49:00.249375+02:00"
19+
dependencies:
20+
- name: common
21+
repository: file://../common
22+
version: 1.0.1
23+
description: A generic Helm chart for your application deployments.
24+
digest: 682478b89b9caddec37750379bc257645f1caee97929a6ce39482127440a7485
1225
name: cron-job
1326
type: application
1427
urls:
1528
- cron-job-0.10.0.tgz
1629
version: 0.10.0
1730
- apiVersion: v2
18-
created: "2025-06-18T10:38:25.778427+02:00"
31+
created: "2025-06-18T11:49:00.252108+02:00"
1932
dependencies:
2033
- name: common
2134
repository: file://../common
@@ -28,7 +41,7 @@ entries:
2841
- cron-job-0.9.1.tgz
2942
version: 0.9.1
3043
- apiVersion: v2
31-
created: "2025-06-18T10:38:25.777868+02:00"
44+
created: "2025-06-18T11:49:00.251594+02:00"
3245
dependencies:
3346
- name: common
3447
repository: file://../common
@@ -42,20 +55,33 @@ entries:
4255
version: 0.9.0
4356
onechart:
4457
- apiVersion: v2
45-
created: "2025-06-18T10:38:25.781255+02:00"
58+
created: "2025-06-18T11:49:00.253147+02:00"
59+
dependencies:
60+
- name: common
61+
repository: file://../common
62+
version: 1.0.1
63+
description: A generic Helm chart for your application deployments.
64+
digest: a37914176f72a7313c85b510bdfcfc0e40eda5fdc03d6bfb80bf177f2f8a46dd
65+
name: onechart
66+
type: application
67+
urls:
68+
- onechart-0.11.0.tgz
69+
version: 0.11.0
70+
- apiVersion: v2
71+
created: "2025-06-18T11:49:00.252638+02:00"
4672
dependencies:
4773
- name: common
4874
repository: file://../common
4975
version: 1.0.1
5076
description: A generic Helm chart for your application deployments.
51-
digest: 50aa5d09a25a000cd30e7a161f896d0996149976a1f1c1042aef7853bbc04b45
77+
digest: efd8e191e7eb4423ce880646baa8fc54cf1cd325d6de6c82dac7220480bf5bdc
5278
name: onechart
5379
type: application
5480
urls:
5581
- onechart-0.10.0.tgz
5682
version: 0.10.0
5783
- apiVersion: v2
58-
created: "2025-06-18T10:38:25.782606+02:00"
84+
created: "2025-06-18T11:49:00.254295+02:00"
5985
dependencies:
6086
- name: common
6187
repository: file://../common
@@ -68,7 +94,7 @@ entries:
6894
- onechart-0.9.1.tgz
6995
version: 0.9.1
7096
- apiVersion: v2
71-
created: "2025-06-18T10:38:25.78196+02:00"
97+
created: "2025-06-18T11:49:00.253769+02:00"
7298
dependencies:
7399
- name: common
74100
repository: file://../common
@@ -80,4 +106,4 @@ entries:
80106
urls:
81107
- onechart-0.9.0.tgz
82108
version: 0.9.0
83-
generated: "2025-06-18T10:38:25.776148+02:00"
109+
generated: "2025-06-18T11:49:00.248694+02:00"

docs/onechart-0.11.0.tgz

12.2 KB
Binary file not shown.

0 commit comments

Comments
 (0)