Merge pull request #4 from mariem168/add-securitycontext

karimzakzouk · web-flow · commit c7ea029f6e7e · 2025-08-27T17:30:26.000+03:00
SecurityContext to Helm deployment
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
@@ -14,10 +14,22 @@ spec:
       labels:
         app: {{ .Release.Name }}
     spec:
+      {{- if .Values.securityContext.enabled }}
+      # Pod-level security settings
+      securityContext:
+        runAsUser: {{ .Values.securityContext.runAsUser }}
+        runAsGroup: {{ .Values.securityContext.runAsGroup }}
+        fsGroup: {{ .Values.securityContext.fsGroup }}
+      {{- end }}
       containers:
         - name: {{ .Release.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- if .Values.securityContext.enabled }}
+          # Container-level security settings
+          securityContext:
+            allowPrivilegeEscalation: {{ .Values.securityContext.allowPrivilegeEscalation }}
+          {{- end }}
           ports:
             - containerPort: {{ .Values.service.targetPort }}
           env:
diff --git a/helm/values.yaml b/helm/values.yaml
@@ -3,7 +3,6 @@ replicaCount: 1
 image:
   repository: docker.io/karimzakzouk/graduation-project-devops
   pullPolicy: IfNotPresent
-
   tag: 5ce971613930bb3845550750c0b11cfc28a7d33d
 
 service:
@@ -13,6 +12,14 @@ service:
 
 namespace: ""
 
+securityContext:
+  enabled: true
+  runAsUser: 1000
+  runAsGroup: 3000
+  fsGroup: 2000
+  allowPrivilegeEscalation: false
+
+
 resources:
   requests:
     cpu: 100m
