From 9684220655cc81bf2a2a484fe61dde9a5b8a998c Mon Sep 17 00:00:00 2001
From: Matan Heled
Date: Mon, 18 Dec 2023 13:17:05 +0200
Subject: [PATCH] Added pod SCC and container SCC
---
 charts/port-agent/templates/deployment.yaml | 16 ++++++++++------
 charts/port-agent/values.yaml | 20 ++++++++++++++------
 2 files changed, 24 insertions(+), 12 deletions(-)
diff --git a/charts/port-agent/templates/deployment.yaml b/charts/port-agent/templates/deployment.yaml
index 6e8d6f3..650938a 100644
--- a/charts/port-agent/templates/deployment.yaml
+++ b/charts/port-agent/templates/deployment.yaml
@@ -5,6 +5,12 @@ metadata:
 labels:
 {{- include "port-agent.labels" . | nindent 4 }}
 spec:
+ strategty:
+ type: {{ .Values.rolloutStrategy }}
+ securityContext:
+ {{- if .Values.podSecurityContext }}
+ {{- toYaml .Values.podSecurityContext | nindent 4 }}
+ {{- end }}
 replicas: 1
 selector:
 matchLabels:
@@ -22,19 +28,17 @@ spec:
 imagePullSecrets:
 {{- toYaml . | nindent 8 }}
 {{- end }}
- securityContext:
- {{- toYaml .Values.podSecurityContext | nindent 8 }}
 containers:
 - name: {{ .Chart.Name }}
- securityContext:
- {{ - if .Values.podSecurityContext.enabled }}
- {{- toYaml .Values.podSecurityContext.securityContext | nindent 12 }}
- {{- end }}
 image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
 {{- if .Values.selfSignedCertificate.enabled }}
 command: [ "sh", "-c", "update-ca-certificates && python3 main.py" ]
 {{- end }}
+ securityContext:
+ {{- if .Values.containerSecurityContext }}
+ {{- toYaml .Values.containerSecurityContext | nindent 14 }}
+ {{- end }}
 env:
 {{- if .Values.selfSignedCertificate.enabled }}
 {{/* Used for requests library in python - For httpx please use SSL_CERT_FILE */}}
diff --git a/charts/port-agent/values.yaml b/charts/port-agent/values.yaml
index f4cdf40..cd24bae 100644
--- a/charts/port-agent/values.yaml
+++ b/charts/port-agent/values.yaml
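Review bot: The pod-level `securityContext:` added in the `@@ -5,6 +5,12 @@` hunk sits directly under the Deployment `spec` (before `replicas:`, rendered with `nindent 4`), but a Deployment spec has no such field; the pod security context belongs under `spec.template.spec`, which is where the next hunk removes it. As written, the values in `podSecurityContext` would be rejected by schema validation or ignored rather than applied, so the pod would run with whatever user and fsGroup the image and cluster default to. The first added key, `strategty:`, is also misspelled and should read `strategy:`, otherwise `rolloutStrategy` has no effect. I would keep the block in the pod template and render it with `{{- toYaml .Values.podSecurityContext | nindent 8 }}`. Indentation is not recoverable from this page, so the placement is inferred from the neighbouring keys and the `nindent` value.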
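Review bot: In the `@@ -22,19 +28,17 @@` hunk the container `securityContext:` body is rendered with `nindent 14`, while the block it replaces used `nindent 12` for the same key. YAML will probably still nest it correctly, but `nindent 12` would match the rest of the container spec. The `{{- if .Values.containerSecurityContext }}` guard also sits below the key, so with the default empty value the template emits a bare `securityContext:` (null); moving the `if` line above `securityContext:` omits the key entirely in that case. The pod-level block in the first hunk has the same shape.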
@@ -29,13 +29,21 @@ env: podAnnotations: {} -podSecurityContext: - enabled: true - securityContext: - fsGroup: 1001 - runAsUser: 1001 +podSecurityContext: {} +# Example + # runAsGroup: 1001 + # runAsUser: 1001 + # fsGroup: 1001 + # fsGroupChangePolicy: "OnRootMismatch" +containerSecurityContext: {} +# Example + # runAsGroup: 1001 + # runAsUser: 1001 + # allowPrivilegeEscalation: false -securityContext: {} + + +rolloutStrategy: "Recreate" resources: requests:
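Review bot: Replacing the previous defaults (`runAsUser: 1001`, `fsGroup: 1001`) with `podSecurityContext: {}` and `containerSecurityContext: {}` means a default install no longer sets any security context. The container then runs as whatever user the image declares, possibly root, with privilege escalation left at the cluster default. I would keep hardened values as real defaults rather than commented examples, for instance `runAsUser: 1001` and `fsGroup: 1001` under `podSecurityContext` and `allowPrivilegeEscalation: false` under `containerSecurityContext`, and document when an operator needs to relax them. The shape of `podSecurityContext` also changes: existing overrides that set `podSecurityContext.enabled` or `podSecurityContext.securityContext.*` would now be rendered verbatim into the security context, so this deserves an upgrade note. The commented example keys are indented one space deeper than their `# Example` header; aligning them makes uncommenting less error-prone.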