feat: goldpinger: option to specify security context (#73)

* feat: goldpinger: option to specify security context

Signed-off-by: sedflix <[email protected]>

* feat: goldpinger: option to specify security context

Signed-off-by: sedflix <[email protected]>

* fix: too many blank lines

Signed-off-by: sedflix <[email protected]>

Signed-off-by: sedflix <[email protected]>

charts/goldpinger/Chart.yaml

@@ -11,4 +11,4 @@ name: goldpinger
 sources:
   - https://github.com/bloomberg/goldpinger
   - https://github.com/okgolove/helm-charts
-version: 5.4.2
+version: 5.4.3

charts/goldpinger/templates/daemonset.yaml

@@ -47,6 +47,10 @@ spec:
               value: "{{ .Values.goldpinger.port }}"
             - name: LABEL_SELECTOR
               value: "app.kubernetes.io/name={{ include "goldpinger.name" . }}"
+          {{- with .Values.containerSecurityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
 {{- if .Values.extraEnv }}
 {{ toYaml .Values.extraEnv | indent 12 }}
 {{- end }}
@@ -76,3 +80,7 @@ spec:
       tolerations:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}

charts/goldpinger/values.yaml

@@ -93,6 +93,22 @@ podSecurityPolicy:
   enabled: false
   policyName: unrestricted-psp
 
+## Set security context of the goldpinger container
+## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+containerSecurityContext: {}
+#  allowPrivilegeEscalation: false
+#  privileged: false
+#  readOnlyRootFilesystem: true
+
+## Set security context of the pod
+## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+podSecurityContext: {}
+#  runAsNonRoot: true
+#  runAsUser: 1001
+#  runAsGroup: 2001
+#  seccompProfile:
+#    type: RuntimeDefault
+
 serviceMonitor:
   enabled: false
   selector: