feat: pass hard-coded securityContext and persistence to values.yaml

zesty-co · Jul 11, 2024 · bc21da0 · bc21da0
1 parent e5068bf
commit bc21da0
Show file tree

Hide file tree

Showing 3 changed files with 31 additions and 21 deletions.
diff --git a/charts/zesty/templates/deployment.yaml b/charts/zesty/templates/deployment.yaml
@@ -22,20 +22,19 @@ spec:
         - image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           name: {{ .Chart.Name }}
+          {{- with .Values.resources }}
           resources:
-            limits:
-              cpu: 1000m
-            requests:
-              cpu: 100m
+          {{- toYaml . | nindent 12 }}
+          {{- end }}
           securityContext:
             allowPrivilegeEscalation: false
             capabilities:
               drop:
                 - ALL
             readOnlyRootFilesystem: true
           volumeMounts:
-            - mountPath: {{ .Values.pvc.mountPath }}
-              name: {{ .Values.pvc.volumeName }}
+            - mountPath: {{ .Values.persistence.mountPath }}
+              name: {{ .Values.persistence.volumeName }}
           env:
             - name: org_id
               valueFrom:
@@ -53,15 +52,10 @@ spec:
            {{- end }}
       priorityClassName: system-cluster-critical
       securityContext:
-        fsGroup: 65532
-        runAsGroup: 65532
-        runAsNonRoot: true
-        runAsUser: 65532
-        seccompProfile:
-          type: RuntimeDefault
+      {{- toYaml .Values.securityContext | nindent 8 }}
       serviceAccountName: {{ .Values.serviceAccount.name }}
       shareProcessNamespace: true
       volumes:
-        - name: {{ .Values.pvc.volumeName }}
+        - name: {{ .Values.persistence.volumeName }}
           persistentVolumeClaim:
-            claimName: {{ .Values.pvc.claim }}
+            claimName: {{ .Values.persistence.claim }}
diff --git a/charts/zesty/templates/pvc.yaml b/charts/zesty/templates/pvc.yaml
@@ -1,13 +1,9 @@
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
-  name: {{ .Values.pvc.claim }}
+  name: {{ .Values.persistence.claim }}
   labels:
     app.kubernetes.io/instance: zesty
     app.kubernetes.io/name: zesty
 spec:
-  accessModes:
-    - ReadWriteOnce
-  resources:
-    requests:
-      storage: 1Gi
+  {{- toYaml .Values.persistence.spec | nindent 2 }}
diff --git a/charts/zesty/values.yaml b/charts/zesty/values.yaml
@@ -9,13 +9,33 @@ image:
   pullPolicy: IfNotPresent
   tag: "latest"
 
-pvc:
+persistence:
   volumeName: "zesty-pv-storage"
   mountPath: "/bin/db"
   claim: "zesty-pvc"
+  spec:
+    accessModes:
+      - ReadWriteOnce
+    resources:
+      requests:
+        storage: 1Gi
 
 serviceAccount:
   name: "zesty"
   annotations:
 
 createClusterRole: true
+
+securityContext:
+  fsGroup: 65532
+  runAsGroup: 65532
+  runAsNonRoot: true
+  runAsUser: 65532
+  seccompProfile:
+    type: RuntimeDefault
+
+resources:
+  limits:
+    cpu: 1000m
+  requests:
+    cpu: 100m