diff --git a/src/main/helm/templates/deployment.yaml b/src/main/helm/templates/deployment.yaml
index 2468cfa706e6e1a319fe58606d9ae0d032dda027..bfce167d2dc4a05c800586378c525a10079bfe7c 100644
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -183,6 +183,13 @@ spec:
 {{- with (.Values.securityContext).runAsGroup }}
 runAsGroup: {{ . }}
 {{- end }}
+ {{- with (.Values.securityContext).fsGroup }}
+ fsGroup: {{ . }}
+ {{- end }}
+ {{- with (.Values.securityContext).capabilities }}
+ capabilities:
+{{ toYaml . | indent 12 }}
+ {{- end }}
 stdin: true
 terminationMessagePath: /dev/termination-log
 terminationMessagePolicy: File
diff --git a/src/test/helm/deployment_container_security_context_test.yaml b/src/test/helm/deployment_container_security_context_test.yaml
index 92090bb6e2310c9a31906c1e808d199a35198ea0..f1c7b1154cf34c372d891cf6cb32f64280c07d42 100644
--- a/src/test/helm/deployment_container_security_context_test.yaml
+++ b/src/test/helm/deployment_container_security_context_test.yaml
@@ -56,6 +56,10 @@ tests:
 path: spec.template.spec.containers[0].securityContext.runAsUser
 - isNull:
 path: spec.template.spec.containers[0].securityContext.runAsGroup
+ - isNull:
+ path: spec.template.spec.containers[0].securityContext.fsGroup
+ - isNull:
+ path: spec.template.spec.containers[0].securityContext.capabilities
 - it: check runAsUser
 set:
 securityContext.runAsUser: 1000
@@ -69,4 +73,23 @@ tests:
 asserts:
 - equal:
 path: spec.template.spec.containers[0].securityContext.runAsGroup
- value: 1000
\ No newline at end of file
+ value: 1000
+ - it: check fsGroup
+ set:
+ securityContext.fsGroup: 1000
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].securityContext.fsGroup
+ value: 1000
+ - it: check capabilities
+ set:
+ securityContext:
+ capabilities:
+ drop:
+ - ALL
+ asserts:
+ - equal:
+ path: spec.template.spec.containers[0].securityContext.capabilities
+ value:
+ drop:
+ - ALL
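Review bot: `fsGroup` is rendered inside the container-level `securityContext` (the block that continues with `stdin: true`, and the tests assert it at `spec.template.spec.containers[0].securityContext.fsGroup`), but in the Kubernetes API `fsGroup` is a field of the pod-level `PodSecurityContext` only. Depending on how the manifest is validated and applied, the unknown field is likely either rejected or dropped, so volume group ownership would not change even though the operator set the value. It should be rendered under `spec.template.spec.securityContext` instead, and the `check fsGroup` and `isNull` assertions in the two test hunks pointed at that path; `capabilities` is a valid container-level field and can stay where it is. The container block starts and ends outside the hunk, so whether this template already has a pod-level securityContext is not visible here.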