diff --git a/charts/sourcegraph/README.md b/charts/sourcegraph/README.md index ada2a76a..59990692 100644 --- a/charts/sourcegraph/README.md +++ b/charts/sourcegraph/README.md @@ -308,6 +308,7 @@ In addition to the documented values, all services also support the following va | searcher.serviceAccount.name | string | `""` | Name of the ServiceAccount to be created or an existing ServiceAccount | | searcher.storageSize | string | `"26Gi"` | Size of the PVC for searcher pods to store cache data | | sourcegraph.affinity | object | `{}` | Global Affinity, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) | +| sourcegraph.containerSecurityContext | object | `{}` | Global container security context settings that can be overridden per service Used to set security parameters like runAsUser, privileged mode, etc. | | sourcegraph.image.defaultTag | string | `"{{ .Chart.AppVersion }}"` | Global docker image tag | | sourcegraph.image.pullPolicy | string | `"IfNotPresent"` | Global docker image pull policy | | sourcegraph.image.repository | string | `"index.docker.io/sourcegraph"` | Global docker image registry or prefix | 
@@ -319,7 +320,10 @@ In addition to the documented values, all services also support the following va | sourcegraph.nodeSelector | object | `{}` | Global NodeSelector, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector) | | sourcegraph.podAnnotations | object | `{}` | Add extra annotations to attach to all pods | | sourcegraph.podLabels | object | `{}` | Add extra labels to attach to all pods | +| sourcegraph.podSecurityContext | object | `{}` | Global pod security context settings that can be overridden per service Controls pod-level security attributes like fsGroup and runAsUser | +| sourcegraph.privileged | object | `{}` | Global privileged mode settings that can be overridden per service Determines if pods/containers can run with elevated privileges | | sourcegraph.revisionHistoryLimit | int | `10` | Global deployment clean up policy, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#clean-up-policy) | +| sourcegraph.serviceAccount | object | `{"create":false}` | Global service account creation settings that can be overridden per service Controls whether service accounts should be automatically created | | sourcegraph.serviceLabels | object | `{}` | Add extra labels to all services | | sourcegraph.tolerations | list | `[]` | Global Tolerations, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) | | storageClass.allowedTopologies | list | `[]` | Persistent volumes topology configuration, learn more from the [Kubernetes documentation](https://kubernetes.io/docs/concepts/storage/storage-classes/#allowed-topologies) | diff --git a/charts/sourcegraph/values.yaml b/charts/sourcegraph/values.yaml index b638002f..244f2d5d 100644 --- a/charts/sourcegraph/values.yaml +++ b/charts/sourcegraph/values.yaml 
@@ -38,6 +38,19 @@ sourcegraph: revisionHistoryLimit: 10 # -- Add extra labels to all services serviceLabels: {} + # -- Global container security context settings that can be overridden per service + # Used to set security parameters like runAsUser, privileged mode, etc. + containerSecurityContext: {} + # -- Global pod security context settings that can be overridden per service + # Controls pod-level security attributes like fsGroup and runAsUser + podSecurityContext: {} + # -- Global privileged mode settings that can be overridden per service + # Determines if pods/containers can run with elevated privileges + privileged: {} + # -- Global service account creation settings that can be overridden per service + # Controls whether service accounts should be automatically created + serviceAccount: + create: false # Generic application configuration options, used by most applications below # app: # Generally matches directory name
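Review bot: In the first README.md hunk (@@ -308), the new `sourcegraph.containerSecurityContext` row names "privileged mode" as something set through this value, while the same patch adds a separate `sourcegraph.privileged` value. State which of the two takes effect when both are set, so an operator who sets `privileged: false` in one place cannot be left with a privileged container configured through the other. The row also runs two sentences together ("overridden per service Used to set") because the two comment lines in values.yaml are joined without punctuation; ending the first comment line with a period fixes the generated text.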
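Review bot: In the second README.md hunk (@@ -319), `sourcegraph.privileged` is documented as type object with default `{}`, yet its description ("Determines if pods/containers can run with elevated privileges") reads like an on/off switch. Document the keys this object accepts, or make it a boolean that defaults to false, so the setting that grants elevated privileges is unambiguous. The three rows added here have the same run-on as above ("per service Controls", "per service Determines").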
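Review bot: In the values.yaml hunk (@@ -38), all four new globals are commented as "can be overridden per service", but the lines shown touch only README.md and values.yaml and do not say how a per-service value combines with the global one (whole-map replacement or key-by-key merge). Spell out the precedence in the comments: a global `containerSecurityContext` or `podSecurityContext` reaches every workload in the chart, and if a per-service map replaces it wholesale, a service that overrides one field would silently lose hardening fields such as `runAsUser` set globally. A short commented example under `containerSecurityContext: {}` showing the expected shape would also help.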