Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ISSUE-711: add support for securityContext to SRS #712

Closed
Original file line number Diff line number Diff line change
Expand Up @@ -105,6 +105,10 @@ spec:
value: ""
resources:
{{- toYaml .Values.srsRuntime.resources | nindent 12 }}
securityContext:
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do we need the securityContext key if Values.srsRuntime.securityContext is not provided in values.yaml?
Can you please add unit tests for the same?

{{- toYaml .Values.srsRuntime.securityContext | nindent 12 }}
securityContext:
{{- toYaml .Values.securityContext | nindent 8 }}
{{- if .Values.srsStorage.tls.enabled }}
volumes:
- name: srs-certificates
Expand Down
12 changes: 12 additions & 0 deletions charts/backingservices/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -32,12 +32,24 @@ srs:
# Specify secret names as an array of comma-separated strings. For example: ["secret1", "secret2"]
imagePullSecretNames: []

# Container securityContext
# securityContext:
# runAsUser: 9999 # app
# allowPrivilegeEscalation: false
# capabilities:
# drop:
# - all

env:
# AuthEnabled may be set to true when there is an authentication mechanism in place between SRS and Pega Infinity.
AuthEnabled: false
# When `AuthEnabled` is `true`, enter the appropriate public key URL. When `AuthEnabled` is `false`(default), leave this parameter empty.
OAuthPublicKeyURL: ""

# Pod securityContext
# securityContext:
# runAsUser: 9999 # app

# This section specifies the elasticsearch cluster configuration.
srsStorage:
# Setting srsStorage.provisionInternalESCluster to true will provision an internal elasticsearch cluster using the configuration
Expand Down
Loading