feat(securityContext): Add the ability to set securityContext values (#135)
Adds the capability to set securityContext values at the pod and container levels. This is needed in order to deploy into a namespace with PSA enforcing at the restricted level.
Signed-off-by: bryopsida <8363252+bryopsida@users.noreply.github.com>
diff --git a/couchdb/Chart.yaml b/couchdb/Chart.yaml
index e04d936..01b4e57 100644
--- a/couchdb/Chart.yaml
+++ b/couchdb/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v1
name: couchdb
-version: 4.4.5
+version: 4.5.0
appVersion: 3.3.2
description: A database featuring seamless multi-master sync, that scales from
big data to mobile, with an intuitive HTTP/JSON API and designed for
diff --git a/couchdb/NEWS.md b/couchdb/NEWS.md
index baab199..1c1e95a 100644
--- a/couchdb/NEWS.md
+++ b/couchdb/NEWS.md
@@ -1,5 +1,9 @@
# NEWS
+## 4.5.0
+
+- Add capability to set pod and container level securityContext settings.
+
## 4.4.1
- Add possibility to customize `service.targetPort` from values. Set default to 5984.
diff --git a/couchdb/README.md b/couchdb/README.md
index a0b8690..32e8e52 100644
--- a/couchdb/README.md
+++ b/couchdb/README.md
@@ -1,6 +1,6 @@
# CouchDB
- 
+ 
Apache CouchDB is a database featuring seamless multi-master sync, that scales
from big data to mobile, with an intuitive HTTP/JSON API and designed for
@@ -18,7 +18,7 @@
```bash
$ helm repo add couchdb https://apache.github.io/couchdb-helm
$ helm install couchdb/couchdb \
- --version=4.4.1 \
+ --version=4.5.0 \
--set allowAdminParty=true \
--set couchdbConfig.couchdb.uuid=$(curl https://www.uuidgenerator.net/api/version4 2>/dev/null | tr -d -)
```
@@ -44,7 +44,7 @@
```bash
$ helm install \
--name my-release \
- --version=4.4.1 \
+ --version=4.5.0 \
--set couchdbConfig.couchdb.uuid=decafbaddecafbaddecafbaddecafbad \
couchdb/couchdb
```
@@ -78,7 +78,7 @@
```bash
$ helm install \
--name my-release \
- --version=4.4.1 \
+ --version=4.5.0 \
--set createAdminSecret=false \
--set couchdbConfig.couchdb.uuid=decafbaddecafbaddecafbaddecafbad \
couchdb/couchdb
@@ -133,7 +133,7 @@
```bash
$ helm repo add couchdb https://apache.github.io/couchdb-helm
-$ helm upgrade my-release --version=4.4.1 couchdb/couchdb
+$ helm upgrade my-release --version=4.5.0 couchdb/couchdb
```
## Configuration
@@ -239,6 +239,8 @@
| `placementConfig.enabled` | false |
| `placementConfig.image.repository` | caligrafix/couchdb-autoscaler-placement-manager |
| `placementConfig.image.tag` | 0.1.0 |
+| `podSecurityContext` | |
+| `containerSecurityContext` | |
## Feedback, Issues, Contributing
diff --git a/couchdb/README.md.gotmpl b/couchdb/README.md.gotmpl
index b8de044..9df26cd 100644
--- a/couchdb/README.md.gotmpl
+++ b/couchdb/README.md.gotmpl
@@ -223,6 +223,8 @@
| `placementConfig.enabled` | false |
| `placementConfig.image.repository` | caligrafix/couchdb-autoscaler-placement-manager |
| `placementConfig.image.tag` | 0.1.0 |
+| `podSecurityContext` | |
+| `containerSecurityContext | |
## Feedback, Issues, Contributing
diff --git a/couchdb/templates/job.yaml b/couchdb/templates/job.yaml
index 174e3ed..544955b 100644
--- a/couchdb/templates/job.yaml
+++ b/couchdb/templates/job.yaml
@@ -21,6 +21,9 @@
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
spec:
restartPolicy: OnFailure
+ {{- if .Values.podSecurityContext }}
+ securityContext: {{ .Values.podSecurityContext | toYaml | nindent 8 }}
+ {{- end }}
containers:
- name: cluster-setup
image: {{ .Values.autoSetup.image.repository }}:{{ .Values.autoSetup.image.tag }}
@@ -44,6 +47,9 @@
secretKeyRef:
name: {{ template "couchdb.fullname" . }}
key: adminPassword
+ {{- if .Values.containerSecurityContext }}
+ securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 12 }}
+ {{- end }}
backoffLimit: 2
ttlSecondsAfterFinished: 600
{{- end -}}
diff --git a/couchdb/templates/placementmanager.yaml b/couchdb/templates/placementmanager.yaml
index b77d723..3e2f511 100644
--- a/couchdb/templates/placementmanager.yaml
+++ b/couchdb/templates/placementmanager.yaml
@@ -24,6 +24,9 @@
helm.sh/chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
spec:
restartPolicy: OnFailure
+ {{- if .Values.podSecurityContext }}
+ securityContext: {{ .Values.podSecurityContext | toYaml | nindent 8 }}
+ {{- end }}
containers:
- name: placement-tagging-job
image: {{ .Values.placementConfig.image.repository }}:{{ .Values.placementConfig.image.tag }}
@@ -41,4 +44,7 @@
value: {{ template "couchdb.svcname" . }}
- name: COUCHDB_PORT
value: {{ .Values.service.externalPort | quote }}
+ {{- if .Values.containerSecurityContext }}
+ securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 10 }}
+ {{- end }}
{{- end -}}
diff --git a/couchdb/templates/statefulset.yaml b/couchdb/templates/statefulset.yaml
index f5c93bd..619a46d 100644
--- a/couchdb/templates/statefulset.yaml
+++ b/couchdb/templates/statefulset.yaml
@@ -31,6 +31,9 @@
{{- if .Values.schedulerName }}
schedulerName: "{{ .Values.schedulerName }}"
{{- end }}
+ {{- if .Values.podSecurityContext }}
+ securityContext: {{ .Values.podSecurityContext | toYaml | nindent 8 }}
+ {{- end }}
{{- if .Values.serviceAccount.enabled }}
serviceAccountName: {{ template "couchdb.serviceAccount" . }}
{{- end }}
@@ -51,6 +54,9 @@
mountPath: /tmp/
- name: config-storage
mountPath: /default.d
+ {{- if .Values.containerSecurityContext }}
+ securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 12 }}
+ {{- end }}
resources:
{{ toYaml .Values.initResources | indent 12 }}
{{- if .Values.adminHash }}
@@ -72,6 +78,9 @@
volumeMounts:
- name: local-config-storage
mountPath: /local.d
+ {{- if .Values.containerSecurityContext }}
+ securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 12 }}
+ {{- end }}
resources:
{{ toYaml .Values.initResources | indent 12 }}
{{- end }}
@@ -163,6 +172,9 @@
{{- end }}
- name: database-storage
mountPath: /opt/couchdb/data
+ {{- if .Values.containerSecurityContext }}
+ securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 12 }}
+ {{- end }}
{{- if .Values.enableSearch }}
- name: clouseau
image: "{{ .Values.searchImage.repository }}:{{ .Values.searchImage.tag }}"
@@ -170,6 +182,9 @@
volumeMounts:
- name: database-storage
mountPath: /opt/couchdb-search/data
+ {{- if .Values.containerSecurityContext }}
+ securityContext: {{ .Values.containerSecurityContext | toYaml | nindent 12 }}
+ {{- end }}
{{- end }}
{{- if .Values.sidecars }}
{{ toYaml .Values.sidecars | indent 8}}
