diff --git a/chart/k8soauth2-proxy-controller/Chart.yaml b/chart/k8soauth2-proxy-controller/Chart.yaml
index c76d825..71bb12e 100644
--- a/chart/k8soauth2-proxy-controller/Chart.yaml
+++ b/chart/k8soauth2-proxy-controller/Chart.yaml
@@ -13,4 +13,4 @@ keywords:
 name: k8soauth2-proxy-controller
 sources:
 - https://github.com/DoodleScheduling/k8soauth2-proxy-controller
-version: 0.2.3
+version: 0.2.4
diff --git a/chart/k8soauth2-proxy-controller/templates/deployment.yaml b/chart/k8soauth2-proxy-controller/templates/deployment.yaml
index 6e3a4f4..8f588b3 100644
--- a/chart/k8soauth2-proxy-controller/templates/deployment.yaml
+++ b/chart/k8soauth2-proxy-controller/templates/deployment.yaml
@@ -96,12 +96,9 @@ spec:
 name: https
 protocol: TCP
 resources:
- limits:
- cpu: 500m
- memory: 128Mi
- requests:
- cpu: 5m
- memory: 64Mi
+ {{- toYaml .Values.kubeRBACProxy.resources | nindent 10 }}
+ securityContext:
+ {{- toYaml .Values.kubeRBACProxy.securityContext | nindent 10 }}
 terminationMessagePath: /dev/termination-log
 terminationMessagePolicy: File
 {{- end }}
@@ -114,6 +111,8 @@ spec:
 secret:
 secretName: {{ .secretName }}
 {{- end }}
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
 affinity:
 {{- toYaml .Values.affinity | nindent 8 }}
 imagePullSecrets:
diff --git a/chart/k8soauth2-proxy-controller/values.yaml b/chart/k8soauth2-proxy-controller/values.yaml
index 3945483..e9be5ef 100644
--- a/chart/k8soauth2-proxy-controller/values.yaml
+++ b/chart/k8soauth2-proxy-controller/values.yaml
@@ -87,6 +87,8 @@ securityContext:
 capabilities:
 drop: ["all"]
 readOnlyRootFilesystem: true
+
+podSecurityContext:
 runAsGroup: 10000
 runAsNonRoot: true
 runAsUser: 10000
@@ -131,4 +133,12 @@ prometheusRule:
 kubeRBACProxy:
 enabled: true
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["all"]
+ readOnlyRootFilesystem: true
+
+ resources: {}
+ tolerations: []
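Review bot: The kube-rbac-proxy container loses its built-in requests and limits in the `@@ -96,12 +96,9 @@` hunk of templates/deployment.yaml, and the default that replaces them in values.yaml is `resources: {}`, so an upgrade with unchanged values leaves this sidecar with no CPU or memory bound. The container exposes the `https` port shown in the context lines, so it is presumably the network-facing part of the pod and the one most worth capping. I would keep the old numbers as the chart default under `kubeRBACProxy.resources` (`limits` of `cpu: 500m` / `memory: 128Mi`, `requests` of `cpu: 5m` / `memory: 64Mi`) and let users override them. The container spec starts above this hunk and the diff's indentation did not survive, so the `nindent 10` offsets could not be checked here.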
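Review bot: The new `podSecurityContext` default in values.yaml (hunk `@@ -87,6 +87,8 @@`) carries the three `runAs*` keys but no seccomp profile, and nothing else visible in this diff sets one. Now that the pod-level block is templated, adding `seccompProfile:` with `type: RuntimeDefault` under it would cover the controller and the kube-rbac-proxy container in one place. A comment above the key would also help, since these settings used to sit in the container-level `securityContext`: `# Pod-level security context; applies to every container in the pod`.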
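Review bot: `drop: ["all"]` in the new `kubeRBACProxy.securityContext` default (values.yaml, hunk `@@ -131,4 +133,12 @@`) uses the lowercase spelling, while Kubernetes documents the value as `ALL`. As far as I know the Pod Security admission check for the restricted profile compares it literally, so a namespace enforcing that profile may reject the pod even though the intent is to drop every capability. I would write `drop: ["ALL"]` here. The existing container-level `securityContext` in the earlier values.yaml hunk has the same spelling on a context line, so this commit does not touch it, but it would need the same edit. Container runtimes differ in how they treat the lowercase form, so confirm the behaviour on the target cluster.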