File tree Expand file tree Collapse file tree 2 files changed +35
-13
lines changed Expand file tree Collapse file tree 2 files changed +35
-13
lines changed Original file line number Diff line number Diff line change @@ -33,10 +33,19 @@ spec:
33
33
{{- toYaml . | nindent 8 }}
34
34
{{- end }}
35
35
spec :
36
- {{- with .Values.securityContext.fsGroup }}
37
- securityContext :
38
- fsGroup : {{ int . }}
39
- {{- end }}
36
+ {{- with .Values.podSecurityContext }}
37
+ securityContext :
38
+ {{- $fsGroupOverride := dict }}
39
+ {{- if hasKey $.Values.securityContext "fsGroup" }}
40
+ {{- $fsGroupOverride = dict "fsGroup" (int $.Values.securityContext.fsGroup) }}
41
+ {{- end }}
42
+ {{- merge $fsGroupOverride . | toYaml | nindent 8 }}
43
+ {{- else }}
44
+ {{- if .Values.securityContext.fsGroup }}
45
+ securityContext :
46
+ fsGroup : {{ int .Values.securityContext.fsGroup }}
47
+ {{- end }}
48
+ {{- end }}
40
49
affinity :
41
50
nodeAffinity :
42
51
requiredDuringSchedulingIgnoredDuringExecution :
@@ -250,14 +259,10 @@ spec:
250
259
exec :
251
260
command :
252
261
- " true"
262
+ {{- with .Values.snykMonitorSecurityContext }}
253
263
securityContext :
254
- privileged : false
255
- runAsNonRoot : true
256
- allowPrivilegeEscalation : false
257
- readOnlyRootFilesystem : true
258
- capabilities :
259
- drop :
260
- - ALL
264
+ {{- toYaml . | nindent 12 }}
265
+ {{- end }}
261
266
volumes :
262
267
- name : docker-config
263
268
secret :
Original file line number Diff line number Diff line change @@ -135,8 +135,25 @@ excludedNamespaces:
135
135
# spec:
136
136
# securityContext:
137
137
# fsGroup: <-- here
138
- securityContext :
139
- fsGroup :
138
+ # ... <-- here
139
+ securityContext : {}
140
+
141
+ # Allow specifying the whole object in the PodSpec securityContext:
142
+ # spec:
143
+ # template:
144
+ # spec:
145
+ # securityContext:
146
+ # ... <-- here
147
+ podSecurityContext : {}
148
+
149
+ snykMonitorSecurityContext :
150
+ privileged : false
151
+ runAsNonRoot : true
152
+ allowPrivilegeEscalation : false
153
+ readOnlyRootFilesystem : true
154
+ capabilities :
155
+ drop :
156
+ - ALL
140
157
141
158
# Set node tolerations for snyk-monitor
142
159
tolerations : []
You can’t perform that action at this time.
0 commit comments