Merge pull request #47 from ksangers/main

Expand deployment security context configurability

charts/mailpit/Chart.yaml

@@ -3,7 +3,7 @@ name: mailpit
 description: An email and SMTP testing tool with API for developers
 icon: https://raw.githubusercontent.com/axllent/mailpit/develop/server/ui/mailpit.svg
 type: application
-version: 0.15.3
+version: 0.15.4
 appVersion: 1.15.1
 dependencies:
 - name: common

charts/mailpit/templates/deployment.yaml

@@ -42,11 +42,7 @@ spec:
           image: {{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           securityContext:
-            allowPrivilegeEscalation: false
-            runAsUser: 1001
-            runAsGroup: 1001
-            runAsNonRoot: true
-            readOnlyRootFilesystem: true
+            {{- toYaml .Values.podSecurityContext | nindent 12 }}
           args:
           - --db-file
           - /var/lib/mailpit/mailpit.db

charts/mailpit/values.schema.json

@@ -74,6 +74,9 @@
                 }
             }
         },
+        "podSecurityContext": {
+            "type": "object"
+        },
         "replicaCount": {
             "type": "number",
             "description": "Number of replicas to deploy",
@@ -427,4 +430,4 @@
             }
         }
     }
-}
+}

charts/mailpit/values.yaml

@@ -73,6 +73,16 @@ updateStrategy:
   ##
   type: RollingUpdate
 
+## @param podSecurityContext.type [object] SecurityContext for pods
+## ref: https://kubernetes.io/docs/concepts/security/pod-security-standards/
+##
+podSecurityContext:
+  allowPrivilegeEscalation: false
+  runAsUser: 1001
+  runAsGroup: 1001
+  runAsNonRoot: true
+  readOnlyRootFilesystem: true
+
 ## @param replicaCount Number of replicas to deploy
 ##
 replicaCount: 1