From 7553765859336fc65cd90eda77c13e31789fdcb9 Mon Sep 17 00:00:00 2001
From: OZGCloud <ozgcloud@mgm-tp.com>
Date: Thu, 29 Feb 2024 09:46:09 +0100
Subject: [PATCH] add securityContext fsGroup and capabilities

---
 src/main/helm/templates/deployment.yaml       |  7 ++++++
 ...yment_container_security_context_test.yaml | 25 ++++++++++++++++++-
 2 files changed, 31 insertions(+), 1 deletion(-)

diff --git a/src/main/helm/templates/deployment.yaml b/src/main/helm/templates/deployment.yaml
index 2468cfa7..bfce167d 100644
--- a/src/main/helm/templates/deployment.yaml
+++ b/src/main/helm/templates/deployment.yaml
@@ -183,6 +183,13 @@ spec:
           {{- with (.Values.securityContext).runAsGroup }}
           runAsGroup: {{ . }}
           {{- end }}
+          {{- with (.Values.securityContext).fsGroup }}
+          fsGroup: {{ . }}
+          {{- end }}
+          {{- with (.Values.securityContext).capabilities }}
+          capabilities:
+{{ toYaml . | indent 12 }}
+          {{- end }}
         stdin: true
         terminationMessagePath: /dev/termination-log
         terminationMessagePolicy: File
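Review bot: `fsGroup` is rendered into the container-level `securityContext` here, next to `runAsGroup`, but in the Kubernetes API `fsGroup` exists only on the pod-level `PodSecurityContext`; the container `SecurityContext` has no such field. Depending on field validation, the API server will either reject the manifest or drop the field with a warning, so volume group ownership would not be applied as intended. Consider rendering it under the pod spec instead, e.g. `{{- with (.Values.securityContext).fsGroup }}` / `fsGroup: {{ . }}` inside `spec.template.spec.securityContext`, while `capabilities` correctly stays on the container. The new `isNull` and `check fsGroup` assertions in deployment_container_security_context_test.yaml pin the same container path (`spec.template.spec.containers[0].securityContext.fsGroup`) and would need to move to `spec.template.spec.securityContext.fsGroup`. The container spec this hunk edits begins outside the hunk, so the exact placement is inferred from the indentation and the test paths.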
diff --git a/src/test/helm/deployment_container_security_context_test.yaml b/src/test/helm/deployment_container_security_context_test.yaml
index 92090bb6..f1c7b115 100644
--- a/src/test/helm/deployment_container_security_context_test.yaml
+++ b/src/test/helm/deployment_container_security_context_test.yaml
@@ -56,6 +56,10 @@ tests:
           path: spec.template.spec.containers[0].securityContext.runAsUser
       - isNull:
           path: spec.template.spec.containers[0].securityContext.runAsGroup
+      - isNull:
+          path: spec.template.spec.containers[0].securityContext.fsGroup
+      - isNull:
+          path: spec.template.spec.containers[0].securityContext.capabilities
   - it: check runAsUser
     set:
       securityContext.runAsUser: 1000
@@ -69,4 +73,23 @@ tests:
     asserts:
       - equal:
           path: spec.template.spec.containers[0].securityContext.runAsGroup
-          value: 1000
\ No newline at end of file
+          value: 1000
+  - it: check fsGroup
+    set:
+      securityContext.fsGroup: 1000
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].securityContext.fsGroup
+          value: 1000
+  - it: check capabilities
+    set:
+      securityContext:
+        capabilities:
+          drop:
+            - ALL
+    asserts:
+      - equal:
+          path: spec.template.spec.containers[0].securityContext.capabilities
+          value:
+            drop:
+              - ALL
-- 
GitLab