diff --git a/library/common/1.0.0/values.yaml b/library/common/1.0.0/values.yaml index c5376411d1..29ca34e54c 100644 --- a/library/common/1.0.0/values.yaml +++ b/library/common/1.0.0/values.yaml @@ -37,7 +37,7 @@ tty: false stdin: false -# -- Configure the Security Context for the Pod +# TODO: docs podSecurityContext: runAsUser: 568 runAsGroup: 568 @@ -45,7 +45,6 @@ podSecurityContext: supplementalGroups: [] fsGroupChangePolicy: OnRootMismatch -# -- Configure the Security Context for the main container securityContext: privileged: false readOnlyRootFilesystem: true diff --git a/library/common/_docs/Values.yaml Explained.md b/library/common/_docs/Values.yaml Explained.md index a3e2196912..fa0dc3e52b 100644 --- a/library/common/_docs/Values.yaml Explained.md +++ b/library/common/_docs/Values.yaml Explained.md @@ -109,16 +109,16 @@ Sets all `key: value` pairs to: - metadata.labels - + ## nameOverride -
-Show / Hide - Sets an override for the suffix of the full name. (Applies to current chart only) +
+Show / Hide + - Type: `string` - Default: `""` - Helm template: ❌ @@ -151,11 +151,11 @@ Sets `something` to: ## podAnnotations +Set annotations on the pod. +
Show / Hide -Set annotations on the pod. - - Type: `dict` - Default: `{}` - Helm Template: ✅ @@ -178,11 +178,11 @@ Sets all `key: value` pairs to: ## podLabels +Set labels on the pod. +
Show / Hide -Set labels on the pod. - - Type: `dict` - Default: `{}` - Helm Template: ✅ @@ -205,11 +205,11 @@ Sets all `key: value` pairs to: ## command +Override the command(s) for the default container +
Show / Hide -Override the command(s) for the default container - - Type: `string` or `list` - Default: `[]` - Helm Template: ✅ @@ -243,11 +243,11 @@ Coverts command to a list and sets it to: ## args +Override the args for the default container +
Show / Hide -Override the args for the default container - - Type: `string` or `list` - Default: `[]` - Helm Template: ✅ @@ -277,13 +277,13 @@ Coverts args to a list and sets it to: ## extraArgs -
-Show / Hide - Appends args to the `args` for the default container. If no `args` are defined, `extraArgs` will still be set. Mainly built for the SCALE GUI +
+Show / Hide + - Type: `string` or `list` - Default: `[]` - Helm Template: ✅ @@ -313,11 +313,11 @@ Coverts extraArgs to a list and appends it to: ## tty +Specifies whether the default container in a pod runs with `TTY` enabled. +
Show / Hide -Specifies whether the default container in a pod runs with `TTY` enabled. - - Type: `boolean` - Default: `false` - Helm Template: ❌ @@ -330,7 +330,7 @@ tty: true tty: false ``` -Coverts extraArgs to a list and appends it to: +Sets tty to: - Deployment - spec.template.spec.containers[0].tty @@ -339,11 +339,11 @@ Coverts extraArgs to a list and appends it to: ## stdin +Specifies whether the default container in a pod runs with `stdin` enabled. +
Show / Hide -Specifies whether the default container in a pod runs with `stdin` enabled. - - Type: `boolean` - Default: `false` - Helm Template: ❌ @@ -356,9 +356,196 @@ stdin: true stdin: false ``` -Coverts extraArgs to a list and appends it to: +Sets stin to: - Deployment - spec.template.spec.containers[0].stdin
+ +## podSecurityContext + +Configure the Security Context for the Pod + +
+Show / Hide + +Available options: + +```yaml +podSecurityContext: + runAsUser: 568 + runAsGroup: 568 + fsGroup: 568 + supplementalGroups: [] + fsGroupChangePolicy: OnRootMismatch +``` + +
+ +## securityContext + +Configure the Security Context for the default container + +
+Show / Hide + +Available options: + +```yaml +securityContext: + privileged: false + readOnlyRootFilesystem: true + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + add: [] + drop: [] +``` + +### privileged + +Specifies privileged status on securityContext for the default container + +
+Show / Hide + +- Type: `boolean` +- Default: `false` +- Helm Template: ❌ + +Examples: Values.yaml + +```yaml +securityContext: + privileged: false + +securityContext: + privileged: true +``` + +Sets privileged on securityContext to: + +- Deployment + - spec.template.spec.containers[0].securityContext.privileged + +
+ +### readOnlyRootFilesystem + +Specifies readOnlyRootFilesystem status on securityContext for the default container + +
+Show / Hide + +- Type: `boolean` +- Default: `true` +- Helm Template: ❌ + +Examples: Values.yaml + +```yaml +securityContext: + readOnlyRootFilesystem: false + +securityContext: + readOnlyRootFilesystem: true +``` + +Sets readOnlyRootFilesystem on securityContext to: + +- Deployment + - spec.template.spec.containers[0].securityContext.readOnlyRootFilesystem + +
+ +### allowPrivilegeEscalation + +Specifies allowPrivilegeEscalation status on securityContext for the default container + +
+Show / Hide + +- Type: `boolean` +- Default: `false` +- Helm Template: ❌ + +Examples: Values.yaml + +```yaml +securityContext: + allowPrivilegeEscalation: false + +securityContext: + allowPrivilegeEscalation: true +``` + +Sets allowPrivilegeEscalation on securityContext to: + +- Deployment + - spec.template.spec.containers[0].securityContext.allowPrivilegeEscalation + +
+ +### runAsNonRoot + +Specifies runAsNonRoot status on securityContext for the default container + +
+Show / Hide + +- Type: `boolean` +- Default: `true` +- Helm Template: ❌ + +Examples: Values.yaml + +```yaml +securityContext: + runAsNonRoot: false + +securityContext: + runAsNonRoot: true +``` + +Sets runAsNonRoot on securityContext to: + +- Deployment + - spec.template.spec.containers[0].securityContext.runAsNonRoot + +
+ +### capabilities + +Specifies capabilities to add or drop on securityContext for the default container + +
+Show / Hide + +- Type: `boolean` +- Default: + - add:`[]` + - drop:`[]` +- Helm Template: ✅ + +Examples: Values.yaml + +```yaml + capabilities: + add: + - SYS_ADMIN + - "{{ .Values.some.key }}" + drop: + - NET_RAW + - "{{ .Values.some.key }}" +``` + +Sets capabilities to add or drop on securityContext to: + +- Deployment + - spec.template.spec.containers[0].securityContext.capabilities.add + - spec.template.spec.containers[0].securityContext.capabilities.drop + +
+ +