add securityContext fsGroup and capabilities

src/main/helm/templates/deployment.yaml

@@ -139,6 +139,13 @@ spec:
           {{- with (.Values.securityContext).runAsGroup }}
           runAsGroup: {{ . }}
           {{- end }}
+          {{- with (.Values.securityContext).fsGroup }}
+          fsGroup: {{ . }}
+          {{- end }}
+          {{- with (.Values.securityContext).capabilities }}
+          capabilities:
+{{ toYaml . | indent 12 }}
+          {{- end }}
         stdin: true
         terminationMessagePath: /dev/termination-log
         terminationMessagePolicy: File

src/test/helm/deployment_container_security_context_test.yaml

@@ -49,6 +49,10 @@ tests:
           path: spec.template.spec.containers[0].securityContext.runAsUser
       - isNull:
           path: spec.template.spec.containers[0].securityContext.runAsGroup
+      - isNull:
+          path: spec.template.spec.containers[0].securityContext.fsGroup
+      - isNull:
+          path: spec.template.spec.containers[0].securityContext.capabilities
   - it: check runAsUser
     set:
       securityContext.runAsUser: 1000
@@ -63,3 +67,22 @@ tests:
       - equal:
           path: spec.template.spec.containers[0].securityContext.runAsGroup
           value: 1000
+  - it: check fsGroup
+    set:
+      securityContext.fsGroup: 1000
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].securityContext.fsGroup
+          value: 1000
+  - it: check capabilities
+    set:
+      securityContext:
+        capabilities:
+          drop:
+            - ALL
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].securityContext.capabilities
+          value:
+            drop:
+              - ALL
\ No newline at end of file

xta-adapter/src/main/helm/templates/xta_adapter_cronjob.yaml

@@ -111,6 +111,13 @@ spec:
                 {{- with (.Values.securityContext).runAsGroup }}
                 runAsGroup: {{ . }}
                 {{- end }}
+                {{- with (.Values.securityContext).fsGroup }}
+                fsGroup: {{ . }}
+                {{- end }}
+                {{- with (.Values.securityContext).capabilities }}
+                capabilities:
+{{ toYaml . | indent 18 }}
+                {{- end }}
               resources:
               {{- with .Values.resources }}
 {{ toYaml . | indent 16 }}

xta-adapter/src/test/helm/xta_adapter_cronjob_basic_test.yaml

@@ -104,6 +104,10 @@ tests:
         path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.runAsUser
     - isNull:
         path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.runAsGroup
+    - isNull:
+        path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.fsGroup
+    - isNull:
+        path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.capabilities
   - it: check runAsUser
     set:
       securityContext.runAsUser: 1000
@@ -126,3 +130,22 @@ tests:
         value: 
           ozg-component: xta-adapter
           workload: xta-adapter-cronjob
+  - it: check fsGroup
+    set:
+      securityContext.fsGroup: 1000
+    asserts:
+      - equal:
+          path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.fsGroup
+          value: 1000
+  - it: check capabilities
+    set:
+      securityContext:
+        capabilities:
+          drop:
+            - ALL
+    asserts:
+      - equal:
+          path: spec.jobTemplate.spec.template.spec.containers[0].securityContext.capabilities
+          value:
+            drop:
+              - ALL
\ No newline at end of file