Added pod SCC and container SCC

charts/port-agent/templates/deployment.yaml

@@ -5,6 +5,12 @@ metadata:
   labels:
     {{- include "port-agent.labels" . | nindent 4 }}
 spec:
+  strategty:
+    type: {{ .Values.rolloutStrategy }}
+  securityContext: 
+  {{- if .Values.podSecurityContext }}
+    {{- toYaml .Values.podSecurityContext | nindent 4 }}
+  {{- end }}
   replicas: 1
   selector:
     matchLabels:
@@ -22,19 +28,17 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
         - name: {{ .Chart.Name }}
-          securityContext:
-            {{ - if .Values.podSecurityContext.enabled }}
-            {{- toYaml .Values.podSecurityContext.securityContext | nindent 12 }}
-            {{- end }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           {{- if .Values.selfSignedCertificate.enabled }}
           command: [ "sh", "-c", "update-ca-certificates && python3 main.py" ]
           {{- end }}
+          securityContext:
+          {{- if .Values.containerSecurityContext }}
+            {{- toYaml .Values.containerSecurityContext | nindent 14 }}
+          {{- end }}
           env:
             {{- if .Values.selfSignedCertificate.enabled }}
             {{/* Used for requests library in python - For httpx please use SSL_CERT_FILE */}}

charts/port-agent/values.yaml

@@ -29,13 +29,21 @@ env:
 
 podAnnotations: {}
 
-podSecurityContext:
-  enabled: true
-  securityContext:
-    fsGroup: 1001
-    runAsUser: 1001
+podSecurityContext: {}
+# Example 
+  # runAsGroup: 1001
+  # runAsUser: 1001
+  # fsGroup: 1001
+  # fsGroupChangePolicy: "OnRootMismatch"
+containerSecurityContext: {}
+# Example 
+  # runAsGroup: 1001
+  # runAsUser: 1001
+  # allowPrivilegeEscalation: false
 
-securityContext: {}
+
+
+rolloutStrategy: "Recreate"
 
 resources:
   requests: