diff --git a/charts/catalog-api/README.md b/charts/catalog-api/README.md index 1ad455adf..1bbc2027e 100644 --- a/charts/catalog-api/README.md +++ b/charts/catalog-api/README.md @@ -28,15 +28,16 @@ See the [documentation](https://docs.2gis.com/en/on-premise/search) to learn abo ### Common settings -| Name | Description | Value | -| ------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------- | ----- | -| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | `{}` | -| `affinity` | Kubernetes [pod affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) | `{}` | -| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings | `[]` | -| `annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | -| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | `{}` | -| `podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) | `{}` | -| `imagePullSecrets` | Kubernetes [secrets for pulling the image from the registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) | `[]` | +| Name | Description | Value | +| -------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------- | ----- | +| `nodeSelector` | Kubernetes [node selectors](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector) | `{}` | +| `affinity` | Kubernetes [pod affinity](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity) | `{}` | +| `tolerations` | Kubernetes [tolerations](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) settings | `[]` | +| `annotations` | Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). | `{}` | +| `podAnnotations` | Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) | `{}` | +| `podLabels` | Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) | `{}` | +| `podSecurityContext` | Kubernetes [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) | `{}` | +| `imagePullSecrets` | Kubernetes [secrets for pulling the image from the registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) | `[]` | ### Kubernetes [Pod Disruption Budget](https://kubernetes.io/docs/concepts/workloads/pods/disruptions/#pod-disruption-budgets) settings diff --git a/charts/catalog-api/templates/api/deployment.yaml b/charts/catalog-api/templates/api/deployment.yaml index 8d230ced7..f57825ace 100644 --- a/charts/catalog-api/templates/api/deployment.yaml +++ b/charts/catalog-api/templates/api/deployment.yaml @@ -40,6 +40,10 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} spec: + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.api.postgres.tls.enabled }} initContainers: - name: copy-certs diff --git a/charts/catalog-api/templates/importer/cleaner/job.yaml b/charts/catalog-api/templates/importer/cleaner/job.yaml index ca553d1d6..935485cfb 100644 --- a/charts/catalog-api/templates/importer/cleaner/job.yaml +++ b/charts/catalog-api/templates/importer/cleaner/job.yaml @@ -16,6 +16,10 @@ spec: labels: {{- include "catalog.importer.labels" . | nindent 8 }} spec: + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} restartPolicy: Never {{- if .Values.importer.postgres.tls.enabled }} initContainers: diff --git a/charts/catalog-api/templates/importer/job.yaml b/charts/catalog-api/templates/importer/job.yaml index de9d9f3e3..41dab0da7 100644 --- a/charts/catalog-api/templates/importer/job.yaml +++ b/charts/catalog-api/templates/importer/job.yaml @@ -16,6 +16,10 @@ spec: labels: {{- include "catalog.importer.labels" . | nindent 8 }} spec: + {{- with .Values.podSecurityContext }} + securityContext: + {{- toYaml . | nindent 8 }} + {{- end }} restartPolicy: Never {{- if or .Values.importer.initialDelaySeconds .Values.importer.postgres.tls.enabled }} initContainers: diff --git a/charts/catalog-api/values.yaml b/charts/catalog-api/values.yaml index 8404f519e..4874acf9a 100644 --- a/charts/catalog-api/values.yaml +++ b/charts/catalog-api/values.yaml @@ -13,6 +13,7 @@ dgctlDockerRegistry: '' # @param annotations Kubernetes [annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/). # @param podAnnotations Kubernetes [pod annotations](https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/) # @param podLabels Kubernetes [pod labels](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) +# @param podSecurityContext Kubernetes [pod security context](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) # @param imagePullSecrets Kubernetes [secrets for pulling the image from the registry](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/) nodeSelector: {} @@ -21,6 +22,7 @@ tolerations: [] annotations: {} podAnnotations: {} podLabels: {} +podSecurityContext: {} imagePullSecrets: []