diff --git a/src/main/helm/templates/deployment.yaml b/src/main/helm/templates/deployment.yaml
index 8b6ef05eac4c17e84d378a56e0c0aeb0748e3f2a..e1710b8a035910b164348c974017608bd1ae9423 100644
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -139,6 +139,13 @@ spec:
 {{- with (.Values.securityContext).runAsGroup }}
 runAsGroup: {{ . }}
 {{- end }}
+ {{- with (.Values.securityContext).fsGroup }}
+ fsGroup: {{ . }}
+ {{- end }}
+ {{- with (.Values.securityContext).capabilities }}
+ capabilities:
+{{ toYaml . | indent 12 }}
+ {{- end }}
 stdin: true
 terminationMessagePath: /dev/termination-log
 terminationMessagePolicy: File
diff --git a/src/test/helm/deployment_container_security_context_test.yaml b/src/test/helm/deployment_container_security_context_test.yaml
index 18a7450337149faf441b8fd520fc4883388f1f6e..165a9742a582dfc2da9b566485357f72554d7bbf 100644
--- a/src/test/helm/deployment_container_security_context_test.yaml
+++ b/src/test/helm/deployment_container_security_context_test.yaml
@@ -49,6 +49,10 @@ tests:
 path: spec.template.spec.containers[0].securityContext.runAsUser
 - isNull:
 path: spec.template.spec.containers[0].securityContext.runAsGroup
+ - isNull:
+ path: spec.template.spec.containers[0].securityContext.fsGroup
+ - isNull:
+ path: spec.template.spec.containers[0].securityContext.capabilities
 - it: check runAsUser
 set:
 securityContext.runAsUser: 1000
@@ -62,4 +66,23 @@ tests:
 asserts:
 - equal:
 path: spec.template.spec.containers[0].securityContext.runAsGroup
- value: 1000
\ No newline at end of file
+ value: 1000
+ - it: check fsGroup
+ set:
+ securityContext.fsGroup: 1000
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].securityContext.fsGroup
+ value: 1000
+ - it: check capabilities
+ set:
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].securityContext.capabilities
+ value:
+ drop:
+ - ALL
\ No newline at end of file
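Review bot: `fsGroup` is rendered inside the container-level `securityContext` in the deployment.yaml hunk (`@@ -139,6 +139,13 @@`, confirmed by the new test path `spec.template.spec.containers[0].securityContext.fsGroup`), but in the Kubernetes API `fsGroup` exists only on the pod-level `PodSecurityContext`; the container `SecurityContext` has no such field. Depending on how the manifest is validated it will either be rejected as an unknown field or the field will be dropped, so the volume group ownership an operator asked for with `securityContext.fsGroup` is never applied. The `with` block should emit `fsGroup: {{ . }}` under `spec.template.spec.securityContext` instead, and the `check fsGroup` test should assert `path: spec.template.spec.securityContext.fsGroup`. The cronjob template hunk and both cronjob test hunks (`spec.jobTemplate.spec.template.spec.containers[0]...fsGroup`) repeat the same placement. The enclosing container block starts outside the hunk, so whether a pod-level `securityContext` is already rendered cannot be seen from here.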
diff --git a/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml b/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml
index 2fa6f19d1f1849524552c87bd18f6f4927121558..89ad38b0445b1511d16501fb57115c2a23747997 100644
--- a/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml
+++ b/xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml
@@ -111,6 +111,13 @@ spec:
 {{- with (.Values.securityContext).runAsGroup }}
 runAsGroup: {{ . }}
 {{- end }}
+ {{- with (.Values.securityContext).fsGroup }}
+ fsGroup: {{ . }}
+ {{- end }}
+ {{- with (.Values.securityContext).capabilities }}
+ capabilities:
+{{ toYaml . | indent 18 }}
+ {{- end }}
 resources:
 {{- with .Values.resources }}
 {{ toYaml . | indent 16 }}
diff --git a/xta-adapter/src/test/helm/xta_adapter_cronjob_basic_test.yaml b/xta-adapter/src/test/helm/xta_adapter_cronjob_basic_test.yaml
index 4667b03c48c34279b76865a0913a69758f745bbf..4b47e6a77c49c0d7926da23652aaf0c2bd3b23ed 100644
--- a/xta-adapter/src/test/helm/xta_adapter_cronjob_basic_test.yaml
+++ b/xta-adapter/src/test/helm/xta_adapter_cronjob_basic_test.yaml
@@ -104,6 +104,10 @@ tests:
 path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.runAsUser
 - isNull:
 path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.runAsGroup
+ - isNull:
+ path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.fsGroup
+ - isNull:
+ path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.capabilities
 - it: check runAsUser
 set:
 securityContext.runAsUser: 1000
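Review bot: The `isNull` assertion on `...securityContext.capabilities` added in the cronjob test hunk `@@ -104,6 +104,10 @@` pins the chart to render no `capabilities` block when nothing is set, so the container keeps the runtime's default capability set unless every deployer opts in. If the workload needs no extra capabilities, consider shipping `capabilities: {drop: [ALL]}` as the chart default, which is what the Pod Security Standards "restricted" profile expects, and asserting that default here instead of `isNull`; the deployment test's matching hunk would change the same way. The test case's `it:` and `set:` lines are outside the hunk, so this assumes it is the no-values case.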
@@ -126,3 +130,22 @@ tests:
 value:
 ozg-component: xta-adapter
 workload: xta-adapter-cronjob
+ - it: check fsGroup
+ set:
+ securityContext.fsGroup: 1000
+ asserts:
+ - equal:
+ path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.fsGroup
+ value: 1000
+ - it: check capabilities
+ set:
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ asserts:
+ - equal:
+ path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.capabilities
+ value:
+ drop:
+ - ALL
\ No newline at end of file