Feature/add containers security context field (#98)

* #96 Adding securityContext in the containers spec field to deployment templates

* #96 Adding securityContext in the containers spec field to deployment templates

README.md

@@ -271,6 +271,7 @@ Once you have completed the above steps you can complete the file values.yaml to
 | api.properties.databaseUser               | No       |                                                                        |
 | api.properties.databasePassword           | No       |                                                                        |
 | api.securityContext                       | No       | Fill securityContext field                                             |
+| api.containerSecurityContext              | No       | Fill securityContext field in the container spec                       |
 | executor.enabled                          | Yes      | true/false                                                             |
 | executor.version                          | Yes      | Terrakube Executor version                                             |
 | executor.replicaCount                     | Yes      |                                                                        |
@@ -282,6 +283,7 @@ Once you have completed the above steps you can complete the file values.yaml to
 | executor.properties.toolsRepository       | Yes      | Example: https://github.com/AzBuilder/terrakube-extensions             |
 | executor.properties.toolsBranch           | Yes      | Example: main                                                          |
 | executor.securityContext                  | No       | Fill securityContext field                                             |
+| executor.containerSecurityContext         | No       | Fill securityContext field in the container spec                       |
 | registry.enabled                          | Yes      |                                                                        |
 | registry.version                          | Yes      |                                                                        |
 | registry.replicaCount                     | Yes      |                                                                        |
@@ -291,12 +293,14 @@ Once you have completed the above steps you can complete the file values.yaml to
 | registry.volumes                          | No       |                                                                        |
 | registry.volumeMounts                     | No       |                                                                        |
 | registry.securityContext                  | No       | Fill securityContext field                                             |
+| registry.containerSecurityContext         | No       | Fill securityContext field in the container spec                       |
 | ui.enabled                                | Yes      | true/false                                                             |
 | ui.version                                | Yes      |                                                                        |
 | ui.replicaCount                           | Yes      |                                                                        |
 | ui.serviceAccountName                     | No       | Kubernetes Service Account name                                        |
 | ui.serviceType                            | Yes      | ClusterIP/NodePort/LoadBalancer/ExternalName                           |
 | ui.securityContext                        | No       | Fill securityContext field                                             |
+| ui.containerSecurityContext               | No       | Fill securityContext field in the container spec                       |
 | ingress.ui.useTls                         | Yes      | true/false                                                             |
 | ingress.ui.enabled                        | Yes      | true/false                                                             |
 | ingress.ui.domain                         | Yes      |                                                                        |

charts/terrakube/Chart.yaml

@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 3.14.1
+version: 3.14.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to

charts/terrakube/templates/deployment-api.yaml

@@ -57,6 +57,10 @@ spec:
             port: 8080
           initialDelaySeconds: 120
           periodSeconds: 10
+        {{- with .Values.api.containerSecurityContext }}
+        securityContext:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
       {{- with .Values.api.affinity }}
       affinity:
         {{- toYaml . | nindent 8 }}

charts/terrakube/templates/deployment-executor.yaml

@@ -57,6 +57,10 @@ spec:
             port: 8090
           initialDelaySeconds: 120
           periodSeconds: 10
+        {{- with .Values.executor.containerSecurityContext }}
+        securityContext:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
       {{- with .Values.executor.affinity }}
       affinity:
         {{- toYaml . | nindent 8 }}

charts/terrakube/templates/deployment-openldap.yaml

@@ -39,6 +39,10 @@ spec:
           mountPath: "/ldifs/config-ldap.ldif"
           subPath: "config-ldap.ldif"
           readOnly: true
+        {{- with .Values.executor.containerSecurityContext }}
+        securityContext:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
       volumes:
         - name: openldap-config
           secret:

charts/terrakube/templates/deployment-registry.yaml

@@ -57,6 +57,10 @@ spec:
             port: 8075
           initialDelaySeconds: 120
           periodSeconds: 10
+        {{- with .Values.executor.containerSecurityContext }}
+        securityContext:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
       {{- with .Values.registry.affinity }}
       affinity:
         {{- toYaml . | nindent 8 }}

charts/terrakube/templates/deployment-ui.yaml

@@ -36,6 +36,10 @@ spec:
         envFrom:
         - secretRef:
             name: terrakube-ui-secrets
+        {{- with .Values.executor.containerSecurityContext }}
+        securityContext:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
       {{- with .Values.ui.affinity }}
       affinity:
         {{- toYaml . | nindent 8 }}

charts/terrakube/values.yaml

@@ -17,6 +17,7 @@ security:
 openldap:
   podLabels: {}
   securityContext: {}
+  containerSecurityContext: {}
 
 ## Dex
 dex:
@@ -173,6 +174,7 @@ api:
   loadSampleData: true
   terraformReleasesUrl: "https://releases.hashicorp.com/terraform/index.json"
   securityContext: {}
+  containerSecurityContext: {}
   cache:
     moduleCacheMaxTotal: "128"
     moduleCacheMaxIdle: "128"
@@ -210,6 +212,7 @@ executor:
     toolsRepository: "https://github.com/AzBuilder/terrakube-extensions"
     toolsBranch: "main"
   securityContext: {}
+  containerSecurityContext: {}
 ## Registry properties
 registry:
   enabled: true
@@ -221,6 +224,7 @@ registry:
   resources: {}
   podLabels: {}
   securityContext: {}
+  containerSecurityContext: {}
 
 ## UI Properties
 ui:
@@ -233,6 +237,7 @@ ui:
   resources: {}
   podLabels: {}
   securityContext: {}
+  containerSecurityContext: {}
 
 ## Ingress properties
 ingress: