Add metrics.securityContext and metrics.podSecurityContext

Signed-off-by: jessebot <[email protected]>
nextcloud · Jul 29, 2024 · 264a32a · 264a32a
1 parent ddc5afc
commit 264a32a
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 3 deletions.
diff --git a/charts/nextcloud/Chart.yaml b/charts/nextcloud/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: nextcloud
-version: 5.4.0
+version: 5.5.0
 appVersion: 29.0.4
 description: A file sharing server that puts the control and security of your own data back into your hands.
 keywords:

diff --git a/charts/nextcloud/templates/metrics/deployment.yaml b/charts/nextcloud/templates/metrics/deployment.yaml
@@ -79,7 +79,12 @@ spec:
           resources:
             {{- toYaml . | nindent 12 }}
           {{- end }}
+          {{- with .Values.metrics.securityContext }}
           securityContext:
-            runAsUser: 1000
-            runAsNonRoot: true
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+      {{- with .Values.metrics.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 12 }}
+      {{- end }}
 {{- end }}
diff --git a/charts/nextcloud/values.yaml b/charts/nextcloud/values.yaml
@@ -645,6 +645,21 @@ metrics:
       prometheus.io/port: "9205"
     labels: {}
 
+  # security context for the metrics CONTAINER in the pod
+  securityContext:
+    runAsUser: 1000
+    runAsNonRoot: true
+    # allowPrivilegeEscalation: false
+    # capabilities:
+    #   drop:
+    #     - ALL
+
+  # security context for the metrics POD
+  podSecurityContext: {}
+  # runAsNonRoot: true
+  # seccompProfile:
+  #   type: RuntimeDefault
+
   ## Prometheus Operator ServiceMonitor configuration
   ##
   serviceMonitor: