Add configurable securityContext (#69)

* Add configurable securityContext for server & worker * Bump chart version
goauthentik · May 9, 2022 · 5652482 · 5652482
1 parent 2820a43
commit 5652482
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 3 deletions.
diff --git a/charts/authentik/Chart.yaml b/charts/authentik/Chart.yaml
@@ -16,7 +16,7 @@ keywords:
   - ldap
   - idp
   - sp
-version: 2022.4.1
+version: 2022.4.2
 appVersion: 2022.4.1
 icon: https://raw.githubusercontent.com/BeryJu/authentik/master/web/icons/icon.svg
 maintainers:

diff --git a/charts/authentik/README.md b/charts/authentik/README.md
@@ -44,8 +44,8 @@ redis:
 
 | Name | Email | Url |
 | ---- | ------ | --- |
-| BeryJu | [email protected] | https://github.com/BeryJu |
-| dirtycajunrice | [email protected] | https://github.com/dirtycajunrice |
+| BeryJu | <[email protected]> | <https://github.com/BeryJu> |
+| dirtycajunrice | <[email protected]> | <https://github.com/dirtycajunrice> |
 
 ## Source Code
 
@@ -128,6 +128,7 @@ redis:
 | postgresql.enabled | bool | `false` | enable the bundled bitnami postgresql chart |
 | postgresql.postgresqlDatabase | string | `"authentik"` |  |
 | postgresql.postgresqlUsername | string | `"authentik"` |  |
+| priorityClassName | string | `nil` | Custom priority class for different treatment by the scheduler |
 | prometheus.rules.create | bool | `false` |  |
 | prometheus.serviceMonitor.create | bool | `false` |  |
 | prometheus.serviceMonitor.interval | string | `"30s"` |  |
@@ -143,6 +144,7 @@ redis:
 | replicas | int | `1` | Server replicas |
 | resources.server | object | `{}` |  |
 | resources.worker | object | `{}` |  |
+| securityContext | object | `{}` | server securityContext |
 | service.annotations | object | `{}` |  |
 | service.enabled | bool | `true` | Service that is created to access authentik |
 | service.labels | object | `{}` |  |
@@ -153,4 +155,6 @@ redis:
 | serviceAccount.create | bool | `true` | Service account is needed for managed outposts |
 | volumeMounts | list | `[]` |  |
 | volumes | list | `[]` |  |
+| worker.priorityClassName | string | `nil` | Custom priority class for different treatment by the scheduler |
 | worker.replicas | int | `1` | worker replicas |
+| worker.securityContext | object | `{}` | worker securityContext |
diff --git a/charts/authentik/templates/deployment.yaml b/charts/authentik/templates/deployment.yaml
@@ -54,8 +54,12 @@ spec:
       {{- end }}
       {{ if eq . "server" -}}
       priorityClassName: {{ $.Values.priorityClassName }}
+      securityContext:
+        {{- toYaml $.Values.securityContext | nindent 8 }}
       {{- else -}}
       priorityClassName: {{ $.Values.worker.priorityClassName }}
+      securityContext:
+        {{- toYaml $.Values.worker.securityContext | nindent 8 }}
       {{- end }}
       containers:
         - name: {{ $.Chart.Name }}

diff --git a/charts/authentik/values.yaml b/charts/authentik/values.yaml
@@ -2,12 +2,16 @@
 replicas: 1
 # -- Custom priority class for different treatment by the scheduler
 priorityClassName:
+# -- server securityContext
+securityContext: {}
 
 worker:
   # -- worker replicas
   replicas: 1
   # -- Custom priority class for different treatment by the scheduler
   priorityClassName:
+  # -- worker securityContext
+  securityContext: {}
 
 image:
   repository: ghcr.io/goauthentik/server