Merge pull request #126 from DVPE-cloud/fix/optional-security-context

Optional Security Context
DVPE-cloud · Nov 29, 2023 · 858ea86 · 858ea86
2 parents d9db3fb + 3a5ab8a
commit 858ea86
Show file tree

Hide file tree

Showing 4 changed files with 51 additions and 39 deletions.
diff --git a/charts/dvpe-deployment-gloo/CHANGELOG.md b/charts/dvpe-deployment-gloo/CHANGELOG.md
@@ -6,6 +6,13 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 ## [Unreleased]
 
+## [4.7.3]
+### Fixed
+- Security Context will only be rendered if at least one value has to be set.
+
+## [4.7.2]
+### Changed
+- AutConfig is now completely optional if not a single plugin has been configured
 ## [4.7.2]
 ### Changed
 - AutConfig is now completely optional if not a single plugin has been configured
@@ -388,3 +395,4 @@ The ExternalSecretStore reference will generated on Namespace generation by WADT
 [4.7.0]: https://github.com/DVPE-cloud/dvpe-helm/tree/dvpe-deployment-gloo-4.7.0/charts/dvpe-deployment-gloo
 [4.7.1]: https://github.com/DVPE-cloud/dvpe-helm/tree/dvpe-deployment-gloo-4.7.1/charts/dvpe-deployment-gloo
 [4.7.2]: https://github.com/DVPE-cloud/dvpe-helm/tree/dvpe-deployment-gloo-4.7.2/charts/dvpe-deployment-gloo
+[4.7.3]: https://github.com/DVPE-cloud/dvpe-helm/tree/dvpe-deployment-gloo-4.7.3/charts/dvpe-deployment-gloo
diff --git a/charts/dvpe-deployment-gloo/Chart.yaml b/charts/dvpe-deployment-gloo/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: "1.1"
 description: Helm chart for installing microservices as gloo enabled VirtualService definitions.
 name: dvpe-deployment-gloo
-version: 4.7.2
+version: 4.7.3
 home: https://github.com/dvpe-cloud/dvpe-helm
 keywords:
   - dvpe-helm

diff --git a/charts/dvpe-deployment-gloo/README.md b/charts/dvpe-deployment-gloo/README.md
@@ -1,6 +1,6 @@
 # dvpe-deployment-gloo
 
-![Version: 4.7.2](https://img.shields.io/badge/Version-4.7.2-informational?style=flat-square)
+![Version: 4.7.3](https://img.shields.io/badge/Version-4.7.3-informational?style=flat-square)
 
 Helm chart for installing microservices as gloo enabled VirtualService definitions.
 

diff --git a/charts/dvpe-deployment-gloo/templates/deployment.yaml b/charts/dvpe-deployment-gloo/templates/deployment.yaml
@@ -2,21 +2,22 @@
 {{- $imageUrl := include "image.url" . -}}
 {{- $serviceAccountName := include "deployment.spec.serviceAccountName" . -}}
 
+{{- with .Values.deployment.spec }}
 ---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   name: {{ $serviceName }}
-  namespace: {{ .Release.Namespace }}
+  namespace: {{ $.Release.Namespace }}
   labels:
-    {{- if .Values.datadog.enabled }}
-    tags.datadoghq.com/env: {{ .Values.datadog.env }}
+    {{- if $.Values.datadog.enabled }}
+    tags.datadoghq.com/env: {{ $.Values.datadog.env }}
     tags.datadoghq.com/service: {{ $serviceName }}
-    tags.datadoghq.com/version: {{ default .Values.deployment.spec.image.tag .Values.datadog.version }}
+    tags.datadoghq.com/version: {{ default .image.tag $.Values.datadog.version }}
     {{- end }}
 spec:
-  {{- if not .Values.autoscaling.enabled }}
-  replicas: {{ .Values.deployment.spec.replicas }}
+  {{- if not $.Values.autoscaling.enabled }}
+  replicas: {{ .replicas }}
   {{- end }}
   selector:
     matchLabels:
@@ -25,47 +26,49 @@ spec:
     metadata:
       labels:
         app: {{ $serviceName }}
-        {{- if .Values.datadog.enabled }}
-        tags.datadoghq.com/env: {{ .Values.datadog.env }}
+        {{- if $.Values.datadog.enabled }}
+        tags.datadoghq.com/env: {{ $.Values.datadog.env }}
         tags.datadoghq.com/service: {{ $serviceName }}
-        tags.datadoghq.com/version: {{ default .Values.deployment.spec.image.tag .Values.datadog.version }}
+        tags.datadoghq.com/version: {{ default .image.tag $.Values.datadog.version }}
         {{- end }}
       annotations:
-        {{- if .Values.datadog.enabled }}
-        ad.datadoghq.com/{{ $serviceName }}.logs: '[{"source":"{{ .Values.datadog.source }}", "service":"{{ $serviceName }}" }]'
-        ad.datadoghq.com/{{ $serviceName }}.tags: '{"team": "{{ .Values.datadog.team }}"}'
+        {{- if $.Values.datadog.enabled }}
+        ad.datadoghq.com/{{ $serviceName }}.logs: '[{"source":"{{ $.Values.datadog.source }}", "service":"{{ $serviceName }}" }]'
+        ad.datadoghq.com/{{ $serviceName }}.tags: '{"team": "{{ $.Values.datadog.team }}"}'
         {{- end}}
-        {{- if .Values.deployment.podAnnotations }}
-          {{- toYaml .Values.deployment.podAnnotations | nindent 8 }}
+        {{- if $.Values.deployment.podAnnotations }}
+          {{- toYaml $.Values.deployment.podAnnotations | nindent 8 }}
         {{- end }}
     spec:
+      {{- if or .securityContext.userId .securityContext.groupId }}
       securityContext:
-        {{- if .Values.deployment.spec.securityContext.userId }}
-        runAsUser: {{ int .Values.deployment.spec.securityContext.userId }}
+        {{- if .securityContext.userId }}
+        runAsUser: {{ int .securityContext.userId }}
         {{- end }}
-        {{- if .Values.deployment.spec.securityContext.groupId }}
-        runAsGroup: {{ int .Values.deployment.spec.securityContext.groupId }}
+        {{- if .securityContext.groupId }}
+        runAsGroup: {{ int .securityContext.groupId }}
         {{- end }}
+      {{- end }}
       imagePullSecrets:
-        - name: {{ .Values.deployment.spec.imagePullSecrets }}
+        - name: {{ .imagePullSecrets }}
       serviceAccountName: {{ $serviceAccountName }}
       containers:
         - name: {{ $serviceName }}
-          imagePullPolicy: {{ .Values.deployment.spec.image.pullPolicy }}
+          imagePullPolicy: {{ .image.pullPolicy }}
           image: {{ $imageUrl }}
           envFrom:
-            {{- if .Values.externalSecrets.service.key }}
+            {{- if $.Values.externalSecrets.service.key }}
             - secretRef:
                 name: "{{ $serviceName }}-service-secrets"
             {{- end }}
-            {{- if .Values.additionalparameters.customConfigMapReference }}
+            {{- if $.Values.additionalparameters.customConfigMapReference }}
             - configMapRef:
-                name: {{ .Values.additionalparameters.customConfigMapReference }}
+                name: {{ $.Values.additionalparameters.customConfigMapReference }}
             {{- end}}
           env:
-          {{- if .Values.datadog.enabled }}
+          {{- if $.Values.datadog.enabled }}
           - name: "ENABLE_DATADOG"
-            value: {{ quote .Values.datadog.enabled }}
+            value: {{ quote $.Values.datadog.enabled }}
           - name: "DD_AGENT_HOST"
             valueFrom:
               fieldRef:
@@ -83,16 +86,16 @@ spec:
               fieldRef:
                 fieldPath: metadata.labels['tags.datadoghq.com/version']
           {{- end}}
-          {{- if .Values.additionalparameters.configMapApplied }}
-          {{- range $key, $value := .Values.additionalparameters.config }}
+          {{- if $.Values.additionalparameters.configMapApplied }}
+          {{- range $key, $value := $.Values.additionalparameters.config }}
           - name: "{{$key}}"
             valueFrom:
               configMapKeyRef:
                 name:  {{ $serviceName }}-additional-parameters
                 key: {{$key}}
           {{- end}}
           {{- end}}
-          {{- range $key, $value := .Values.additionalparameters.secrets }}
+          {{- range $key, $value := $.Values.additionalparameters.secrets }}
           - name: {{ $key | quote }}
             valueFrom:
               secretKeyRef:
@@ -103,7 +106,7 @@ spec:
                 {{- end}}
                 key: {{ $value.secretKeyRef.key }}
           {{- end}}
-          {{- with .Values.deployment.spec.containers }}
+          {{- with .containers }}
           {{- if .startupProbe }}
           startupProbe:
           {{- .startupProbe | toYaml | nindent 12 }}
@@ -119,21 +122,22 @@ spec:
           {{- end }}
           resources:
             limits:
-              {{- if .Values.deployment.spec.resources.limits.cpu }}
-              cpu: {{ .Values.deployment.spec.resources.limits.cpu }}
+              {{- if .resources.limits.cpu }}
+              cpu: {{ .resources.limits.cpu }}
               {{- end }}
-              {{- if .Values.deployment.spec.resources.limits.memory }}
-              memory: {{ .Values.deployment.spec.resources.limits.memory }}
+              {{- if .resources.limits.memory }}
+              memory: {{ .resources.limits.memory }}
               {{- end }}
             requests:
-              cpu: {{ .Values.deployment.spec.resources.requests.cpu }}
-              memory: {{ .Values.deployment.spec.resources.requests.memory }}
-      {{- if .Values.additionalparameters.yamlConfigFileApplied }}
+              cpu: {{ .resources.requests.cpu }}
+              memory: {{ .resources.requests.memory }}
+      {{- if $.Values.additionalparameters.yamlConfigFileApplied }}
           volumeMounts:
             - name: yaml-config-volume
               mountPath: /etc/config
       volumes:
         - name: yaml-config-volume
           configMap:
             name: {{ $serviceName }}-additional-config-yaml
-      {{ end }}
+      {{- end }}
+{{- end }}