diff --git a/chart/k8sdb-controller/Chart.yaml b/chart/k8sdb-controller/Chart.yaml index 7335416..473b0c4 100644 --- a/chart/k8sdb-controller/Chart.yaml +++ b/chart/k8sdb-controller/Chart.yaml @@ -12,4 +12,4 @@ keywords: name: k8sdb-controller sources: - https://github.com/DoodleScheduling/k8sdb-controller -version: 0.2.2 +version: 0.2.3 diff --git a/chart/k8sdb-controller/templates/deployment.yaml b/chart/k8sdb-controller/templates/deployment.yaml index f3b9c0e..38e8af5 100644 --- a/chart/k8sdb-controller/templates/deployment.yaml +++ b/chart/k8sdb-controller/templates/deployment.yaml @@ -96,12 +96,9 @@ spec: name: https protocol: TCP resources: - limits: - cpu: 500m - memory: 128Mi - requests: - cpu: 5m - memory: 64Mi + {{- toYaml .Values.kubeRBACProxy.resources | nindent 10 }} + securityContext: + {{- toYaml .Values.kubeRBACProxy.securityContext | nindent 10 }} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File {{- end }} @@ -114,6 +111,8 @@ spec: secret: secretName: {{ .secretName }} {{- end }} + securityContext: + {{- toYaml .Values.podSecurityContext | nindent 8 }} affinity: {{- toYaml .Values.affinity | nindent 8 }} imagePullSecrets: diff --git a/chart/k8sdb-controller/values.yaml b/chart/k8sdb-controller/values.yaml index f1faaac..5a13647 100644 --- a/chart/k8sdb-controller/values.yaml +++ b/chart/k8sdb-controller/values.yaml @@ -82,6 +82,8 @@ securityContext: capabilities: drop: ["all"] readOnlyRootFilesystem: true + +podSecurityContext: runAsGroup: 10000 runAsNonRoot: true runAsUser: 10000 @@ -121,4 +123,18 @@ prometheusRule: kubeRBACProxy: enabled: true + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["all"] + readOnlyRootFilesystem: true + + resources: {} + # limits: + # cpu: 500m + # memory: 128Mi + # requests: + # cpu: 5m + # memory: 64Mi + tolerations: []
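Review bot: With the default `kubeRBACProxy.resources: {}` added in the last values.yaml hunk, the `resources:` block templated here renders empty, so an upgrade from 0.2.2 silently drops the sidecar's previous 500m/128Mi limits and 5m/64Mi requests. The proxy is the container that serves the `https` port, and without a memory limit its growth is bounded only by node capacity. I would ship the old figures as the live default in values.yaml instead of as comments, e.g. `limits: {cpu: 500m, memory: 128Mi}` and `requests: {cpu: 5m, memory: 64Mi}`, and let users set `resources: {}` to opt out. The container spec starts before this hunk.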
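Review bot: `podSecurityContext` carries only the run-as fields, so the seccomp profile is left to the kubelet default, which is unconfined unless the cluster has enabled seccompDefault. The deployment.yaml hunk renders this map at pod level, so it covers the manager and the kube-rbac-proxy container alike and is the natural place to add `seccompProfile:` with `type: RuntimeDefault`. A comment above the key, such as `# pod-level: applies to every container, including kube-rbac-proxy`, would also make the move out of `securityContext` clear to users who override either map.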
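Review bot: The new `kubeRBACProxy.securityContext` copies `drop: ["all"]` in lower case. Container runtimes generally accept that spelling, but the Pod Security Admission `restricted` check, as far as I know, looks for the exact string `ALL`, so a namespace enforcing that profile would likely reject the pod; `drop: ["ALL"]` avoids the question. The same spelling is in the existing `securityContext` shown as context in the previous values.yaml hunk.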