Merge pull request #116 from Wieneo/container-security-context

Use HELM chart to configure container security contex

charts/nfs-server-provisioner/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: 4.0.8
 description: nfs-server-provisioner is an out-of-tree dynamic provisioner for Kubernetes. You can use it to quickly & easily deploy shared storage that works almost anywhere.
 name: nfs-server-provisioner
-version: 1.6.0
+version: 1.7.0
 maintainers:
 - name: kiall
   email: kiall@macinnes.ie

charts/nfs-server-provisioner/templates/statefulset.yaml

@@ -73,11 +73,10 @@ spec:
             - name: statd-udp
               containerPort: 662
               protocol: UDP
+          {{- with .Values.securityContext }}
           securityContext:
-            capabilities:
-              add:
-                - DAC_READ_SEARCH
-                - SYS_RESOURCE
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           args:
             - "-provisioner={{ include "nfs-provisioner.provisionerName" . }}"
             {{- range $key, $value := .Values.extraArgs }}

charts/nfs-server-provisioner/values.yaml

@@ -39,7 +39,7 @@ service:
 
 persistence:
   enabled: false
-  
+
   ## Existing Persistent Volume Claim
   ## This should be used with persistence.enabled=true
   ## If defined, an existing volume claim will be used, instead
@@ -96,6 +96,12 @@ rbac:
   ##
   serviceAccountName: default
 
+securityContext:
+  capabilities:
+    add:
+      - DAC_READ_SEARCH
+      - SYS_RESOURCE
+
 ## For creating the PriorityClass automatically:
 priorityClass:
   ## Enable creation of a PriorityClass resource for this nfs-server-provisioner instance