From 12a9dc0db3cf226876000e751b0ff22bf2704031 Mon Sep 17 00:00:00 2001 From: Edu-DevOps <77807323+Edu-DevOps@users.noreply.github.com> Date: Tue, 20 Feb 2024 18:27:04 +0100 Subject: [PATCH] Feature/add security context field (#97) * #96 Adding securityContext field to deployment templates --- README.md | 4 ++++ charts/terrakube/Chart.yaml | 2 +- charts/terrakube/templates/deployment-api.yaml | 4 ++++ charts/terrakube/templates/deployment-executor.yaml | 4 ++++ charts/terrakube/templates/deployment-openldap.yaml | 4 ++++ charts/terrakube/templates/deployment-registry.yaml | 4 ++++ charts/terrakube/templates/deployment-ui.yaml | 4 ++++ charts/terrakube/values.yaml | 6 +++++- 8 files changed, 30 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7e3b22d..202f78b 100644 --- a/README.md +++ b/README.md @@ -270,6 +270,7 @@ Once you have completed the above steps you can complete the file values.yaml to | api.properties.databaseName | No | | | api.properties.databaseUser | No | | | api.properties.databasePassword | No | | +| api.securityContext | No | Fill securityContext field | | executor.enabled | Yes | true/false | | executor.version | Yes | Terrakube Executor version | | executor.replicaCount | Yes | | @@ -280,6 +281,7 @@ Once you have completed the above steps you can complete the file values.yaml to | executor.volumeMounts | No | | | executor.properties.toolsRepository | Yes | Example: https://github.com/AzBuilder/terrakube-extensions | | executor.properties.toolsBranch | Yes | Example: main | +| executor.securityContext | No | Fill securityContext field | | registry.enabled | Yes | | | registry.version | Yes | | | registry.replicaCount | Yes | | 
@@ -288,11 +290,13 @@ Once you have completed the above steps you can complete the file values.yaml to | registry.env | No | | | registry.volumes | No | | | registry.volumeMounts | No | | +| registry.securityContext | No | Fill securityContext field | | ui.enabled | Yes | true/false | | ui.version | Yes | | | ui.replicaCount | Yes | | | ui.serviceAccountName | No | Kubernetes Service Account name | | ui.serviceType | Yes | ClusterIP/NodePort/LoadBalancer/ExternalName | +| ui.securityContext | No | Fill securityContext field | | ingress.ui.useTls | Yes | true/false | | ingress.ui.enabled | Yes | true/false | | ingress.ui.domain | Yes | | diff --git a/charts/terrakube/Chart.yaml b/charts/terrakube/Chart.yaml index 5f90794..d46fd57 100644 --- a/charts/terrakube/Chart.yaml +++ b/charts/terrakube/Chart.yaml @@ -15,7 +15,7 @@ type: application # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 3.13.1 +version: 3.14.1 # This is the version number of the application being deployed. This version number should be # incremented each time you make changes to the application. Versions are not expected to diff --git a/charts/terrakube/templates/deployment-api.yaml b/charts/terrakube/templates/deployment-api.yaml index f686b87..08da985 100644 --- a/charts/terrakube/templates/deployment-api.yaml +++ b/charts/terrakube/templates/deployment-api.yaml @@ -76,4 +76,8 @@ spec: {{- with .Values.api.serviceAccountName }} serviceAccountName: {{ quote . }} {{- end }} + {{- with .Values.api.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} {{ end }} diff --git a/charts/terrakube/templates/deployment-executor.yaml b/charts/terrakube/templates/deployment-executor.yaml index 6ab2659..7418535 100644 --- a/charts/terrakube/templates/deployment-executor.yaml 
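Review bot: The new `securityContext:` block in deployment-api.yaml appears to sit at pod-spec level (it follows `serviceAccountName` and is rendered with `nindent 8`; exact indentation is not recoverable in this view), so it accepts only PodSecurityContext fields such as `runAsNonRoot`, `runAsUser`, `fsGroup` and `seccompProfile`. Container-only settings such as `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` or `capabilities.drop` placed in `api.securityContext` would be rejected or dropped by the API server rather than applied, and the README text `Fill securityContext field` does not say which scope is being configured. I would state the scope in the README row, e.g. `Pod-level securityContext (PodSecurityContext) for the API pods`, and consider a second, container-level value rendered under the container entry so the container hardening fields can be set too. The same applies to the executor, openldap, registry and ui template hunks; the container list of each Deployment lies outside these hunks.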
+++ b/charts/terrakube/templates/deployment-executor.yaml @@ -76,4 +76,8 @@ spec: {{- with .Values.executor.serviceAccountName }} serviceAccountName: {{ quote . }} {{- end }} + {{- with .Values.executor.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} {{ end }} diff --git a/charts/terrakube/templates/deployment-openldap.yaml b/charts/terrakube/templates/deployment-openldap.yaml index a34835a..92de56c 100644 --- a/charts/terrakube/templates/deployment-openldap.yaml +++ b/charts/terrakube/templates/deployment-openldap.yaml @@ -46,4 +46,8 @@ spec: items: - key: "config-ldap.ldif" path: "config-ldap.ldif" + {{- with .Values.openldap.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} {{ end }} diff --git a/charts/terrakube/templates/deployment-registry.yaml b/charts/terrakube/templates/deployment-registry.yaml index d4fe8f2..5e9618f 100644 --- a/charts/terrakube/templates/deployment-registry.yaml +++ b/charts/terrakube/templates/deployment-registry.yaml @@ -76,4 +76,8 @@ spec: {{- with .Values.registry.serviceAccountName }} serviceAccountName: {{ quote . }} {{- end }} + {{- with .Values.registry.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} {{ end }} diff --git a/charts/terrakube/templates/deployment-ui.yaml b/charts/terrakube/templates/deployment-ui.yaml index 55a7db2..97460ba 100644 --- a/charts/terrakube/templates/deployment-ui.yaml +++ b/charts/terrakube/templates/deployment-ui.yaml @@ -58,4 +58,8 @@ spec: {{- with .Values.ui.serviceAccountName }} serviceAccountName: {{ quote . }} {{- end }} + {{- with .Values.ui.securityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} {{ end }} diff --git a/charts/terrakube/values.yaml b/charts/terrakube/values.yaml index 6e5b629..74f7c59 100644 --- a/charts/terrakube/values.yaml +++ b/charts/terrakube/values.yaml @@ -16,6 +16,7 @@ security: ## OpenLdap openldap: podLabels: {} + securityContext: {} ## Dex dex: 
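Review bot: `openldap.securityContext` is read by the deployment-openldap.yaml hunk and defaulted in values.yaml, but the README hunks of this commit add rows only for api, executor, registry and ui. If the README table has an OpenLDAP section (not visible here), add a matching row such as `| openldap.securityContext | No | Pod-level securityContext for the OpenLDAP pod |` so the option is discoverable.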
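Review bot: With `securityContext: {}` as the default in this values.yaml hunk, and in the api, executor, registry and ui hunks that follow, the `with` guard in each template renders nothing, so a default install gets no pod security settings from the chart. A comment above each key would tell operators what belongs there, e.g. `# Pod-level securityContext; example: runAsNonRoot: true, seccompProfile.type: RuntimeDefault (empty = image/cluster defaults)`. Whether the Terrakube images run as a non-root user is not visible in this diff, so I would keep the default empty and document a recommended baseline rather than enforce one.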
@@ -171,6 +172,7 @@ api: defaultRedis: true loadSampleData: true terraformReleasesUrl: "https://releases.hashicorp.com/terraform/index.json" + securityContext: {} cache: moduleCacheMaxTotal: "128" moduleCacheMaxIdle: "128" @@ -207,7 +209,7 @@ executor: properties: toolsRepository: "https://github.com/AzBuilder/terrakube-extensions" toolsBranch: "main" - + securityContext: {} ## Registry properties registry: enabled: true @@ -218,6 +220,7 @@ registry: serviceAccountName: "" resources: {} podLabels: {} + securityContext: {} ## UI Properties ui: @@ -229,6 +232,7 @@ ui: serviceAccountName: "" resources: {} podLabels: {} + securityContext: {} ## Ingress properties ingress:
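Review bot: In the executor hunk the added `securityContext: {}` directly follows `toolsBranch`, which the README documents as `executor.properties.toolsBranch`, while the template reads `.Values.executor.securityContext`. The key therefore has to be a sibling of `properties`, not nested under it; indentation is not recoverable in this view, so please confirm it, because a misplaced key would be silently ignored by the `with` guard. The hunk also replaces the blank line that separated the executor block from `## Registry properties`; I would add the key and keep one blank line before that comment.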