Merge pull request #71 from phandox/main

[feat] Add support for configuring SecurityContext via Helm chart

contrib/helm/calert/templates/deployment.yaml

@@ -28,6 +28,12 @@ spec:
     {{- end }}
     {{- with .Values.priorityClassName }}
       priorityClassName: {{ . }}
+    {{- end }}
+    {{- if .Values.securityContext.enabled }}
+      {{- with omit .Values.securityContext "enabled" }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
     {{- end }}
       containers:
         - name: {{ .Chart.Name }}
@@ -37,6 +43,12 @@ spec:
             {{- range .Values.args }}
             - {{ . | quote }}
             {{- end }}
+        {{- if .Values.securityContext.enabled }}
+          {{- with omit .Values.securityContext "enabled" "runAsGroup" "runAsUser" "runAsNonRoot" "windowsOptions" }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+        {{- end }}
           ports:
           - containerPort: {{ .Values.service.port }}
             protocol: TCP

contrib/helm/calert/values.yaml

@@ -81,3 +81,20 @@ affinity: {}
 topologySpreadConstraints: []
 
 podAnnotations: {}
+
+securityContext:
+  enabled: false
+
+  privileged: false
+  allowPrivilegeEscalation: false
+  runAsNonRoot: true
+  runAsUser: 1001
+  runAsGroup: 1001
+  readOnlyRootFilesystem: true
+  seccompProfile:
+    type: RuntimeDefault
+  windowsOptions:
+    hostProcess: false
+  capabilities:
+    drop: ["ALL"]
+    add: ["NET_BIND_SERVICE"]