From 268bb090b4b4f1dbf11e9788d6c4c4fe6b07be8c Mon Sep 17 00:00:00 2001 From: Viktor Sokolov Date: Thu, 25 Sep 2025 12:18:47 +0200 Subject: [PATCH] podSecurityContext --- Readme.md | 3 ++- imgproxy/templates/_helpers.tpl | 15 +++++++++++++++ imgproxy/templates/deployment.yaml | 5 +++-- 3 files changed, 20 insertions(+), 3 deletions(-) diff --git a/Readme.md b/Readme.md index 798843d..abe1b41 100644 --- a/Readme.md +++ b/Readme.md @@ -169,8 +169,9 @@ Options for downloading the imgproxy image |**resources.deployment.replicas.stepCount**|The max number of pods to be added/dropped during autoscaling step.|`1`| |**resources.deployment.replicas.stepSeconds**|The period in seconds (1-1800) during which up to `stepCount` pods can be added or dropped by autoscaler.|`60`| |**resources.deployment.resources**|Hash of resource limits for your pods|`{}`| -|**resources.deployment.securityContext**|Hash of security context settings for your pods|`{}`| +|**resources.deployment.podSecurityContext**|Security context settings for pods|`{}`| |**resources.deployment.containerSecurityContext**|Security context setting for containers, see [the docs](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container)|`{}`| +|**resources.deployment.securityContext**|DEPRECATED: Security context settings for pods|`{}`| |**resources.deployment.terminationGracePeriodSeconds**|A custom amount of time to terminate the app|`30`| |**resources.deployment.tolerations**|Tolerations for Kubernetes taints|| |**resources.deployment.topologySpreadConstraints**|topologySpreadConstraints for distributing pods across zones|`[]`| diff --git a/imgproxy/templates/_helpers.tpl b/imgproxy/templates/_helpers.tpl index af16ef1..81c8063 100644 --- a/imgproxy/templates/_helpers.tpl +++ b/imgproxy/templates/_helpers.tpl @@ -118,3 +118,18 @@ https://docs.aws.amazon.com/eks/latest/userguide/specify-service-account-role.ht {{- $suffix := ($.Values.resources.ingress.pathSuffix | default "" | trimPrefix "/") -}} {{- printf "%s/%s" $prefix $suffix -}} {{- end -}} + +{{/* deprecated securityContext */}} +{{- define "imgproxy.podSecurityContext" -}} +{{- $securityContext := $.Values.resources.deployment.securityContext -}} +{{- $podSecurityContext := $.Values.resources.deployment.podSecurityContext -}} +{{- if and $securityContext $podSecurityContext -}} +{{- fail "Both resources.deployment.securityContext and resources.deployment.podSecurityContext are defined. Please use only podSecurityContext." -}} +{{- end -}} +{{- if $securityContext -}} +{{- printf "\n# WARNING: resources.deployment.securityContext is deprecated, please use resources.deployment.podSecurityContext instead" -}} +{{ $securityContext | toYaml | nindent 8 }} +{{- else if $podSecurityContext -}} +{{ $podSecurityContext | toYaml | nindent 8 }} +{{- end -}} +{{- end -}} diff --git a/imgproxy/templates/deployment.yaml b/imgproxy/templates/deployment.yaml index 91aa170..557ebb6 100644 --- a/imgproxy/templates/deployment.yaml +++ b/imgproxy/templates/deployment.yaml @@ -65,8 +65,9 @@ spec: {{- end }} {{- end }} {{- end }} - {{- if $.Values.resources.deployment.securityContext }} - securityContext: {{ $.Values.resources.deployment.securityContext | toYaml | nindent 8 }} + {{- with (include "imgproxy.podSecurityContext" .) }} + securityContext: + {{ . }} {{- end }} {{- if $.Values.resources.serviceAccount.existingName }} serviceAccountName: {{ $.Values.resources.serviceAccount.existingName | quote }}