fix(helm-chart): securityContext/resources configurable for kube-rbac…

… proxy (#38)

* fix(helm-chart): securityContext/resources configurable for kube-rbac proxy

* refactor: remove trailing spaces

chart/k8sdb-controller/Chart.yaml

@@ -12,4 +12,4 @@ keywords:
 name: k8sdb-controller
 sources:
 - https://github.com/DoodleScheduling/k8sdb-controller
-version: 0.2.2
+version: 0.2.3

chart/k8sdb-controller/templates/deployment.yaml

@@ -96,12 +96,9 @@ spec:
           name: https
           protocol: TCP
         resources:
-          limits:
-            cpu: 500m
-            memory: 128Mi
-          requests:
-            cpu: 5m
-            memory: 64Mi
+          {{- toYaml .Values.kubeRBACProxy.resources | nindent 10 }}
+        securityContext:
+          {{- toYaml .Values.kubeRBACProxy.securityContext | nindent 10 }}
         terminationMessagePath: /dev/termination-log
         terminationMessagePolicy: File
       {{- end }}
@@ -114,6 +111,8 @@ spec:
         secret:
           secretName: {{ .secretName }}
       {{- end }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
       affinity:
         {{- toYaml .Values.affinity | nindent 8 }}
       imagePullSecrets:

chart/k8sdb-controller/values.yaml

@@ -82,6 +82,8 @@ securityContext:
   capabilities:
     drop: ["all"]
   readOnlyRootFilesystem: true
+
+podSecurityContext:
   runAsGroup: 10000
   runAsNonRoot: true
   runAsUser: 10000
@@ -121,4 +123,18 @@ prometheusRule:
 kubeRBACProxy:
   enabled: true
 
+  securityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["all"]
+    readOnlyRootFilesystem: true
+
+  resources: {}
+  # limits:
+  #   cpu: 500m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 5m
+  #   memory: 64Mi
+
 tolerations: []