add securityContext fsGroup and capabilities

src/main/helm/templates/deployment.yaml

@@ -183,6 +183,13 @@ spec:
           {{- with (.Values.securityContext).runAsGroup }}
           runAsGroup: {{ . }}
           {{- end }}
+          {{- with (.Values.securityContext).fsGroup }}
+          fsGroup: {{ . }}
+          {{- end }}
+          {{- with (.Values.securityContext).capabilities }}
+          capabilities:
+{{ toYaml . | indent 12 }}
+          {{- end }}
         stdin: true
         terminationMessagePath: /dev/termination-log
         terminationMessagePolicy: File

src/test/helm/deployment_container_security_context_test.yaml

@@ -56,6 +56,10 @@ tests:
           path: spec.template.spec.containers[0].securityContext.runAsUser
       - isNull:
           path: spec.template.spec.containers[0].securityContext.runAsGroup
+      - isNull:
+          path: spec.template.spec.containers[0].securityContext.fsGroup
+      - isNull:
+          path: spec.template.spec.containers[0].securityContext.capabilities
   - it: check runAsUser
     set:
       securityContext.runAsUser: 1000
@@ -69,4 +73,23 @@ tests:
     asserts:
       - equal:
           path: spec.template.spec.containers[0].securityContext.runAsGroup
-          value: 1000
\ No newline at end of file
+          value: 1000
+  - it: check fsGroup
+    set:
+      securityContext.fsGroup: 1000
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].securityContext.fsGroup
+          value: 1000
+  - it: check capabilities
+    set:
+      securityContext:
+        capabilities:
+          drop:
+            - ALL
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].securityContext.capabilities
+          value:
+            drop:
+              - ALL