Merge pull request #50 from port-labs/PORT-5612-port-agent-chart

added security context and resource controls to port-agent
port-labs · Dec 18, 2023 · 9cfd1fc · 9cfd1fc
2 parents 82eb3be + 9684220
commit 9cfd1fc
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 6 deletions.
diff --git a/charts/port-agent/templates/deployment.yaml b/charts/port-agent/templates/deployment.yaml
@@ -5,6 +5,12 @@ metadata:
   labels:
     {{- include "port-agent.labels" . | nindent 4 }}
 spec:
+  strategty:
+    type: {{ .Values.rolloutStrategy }}
+  securityContext: 
+  {{- if .Values.podSecurityContext }}
+    {{- toYaml .Values.podSecurityContext | nindent 4 }}
+  {{- end }}
   replicas: 1
   selector:
     matchLabels:
@@ -22,17 +28,17 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-      securityContext:
-        {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
         - name: {{ .Chart.Name }}
-          securityContext:
-            {{- toYaml .Values.securityContext | nindent 12 }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           {{- if .Values.selfSignedCertificate.enabled }}
           command: [ "sh", "-c", "update-ca-certificates && python3 main.py" ]
           {{- end }}
+          securityContext:
+          {{- if .Values.containerSecurityContext }}
+            {{- toYaml .Values.containerSecurityContext | nindent 14 }}
+          {{- end }}
           env:
             {{- if .Values.selfSignedCertificate.enabled }}
             {{/* Used for requests library in python - For httpx please use SSL_CERT_FILE */}}

diff --git a/charts/port-agent/values.yaml b/charts/port-agent/values.yaml
@@ -30,10 +30,28 @@ env:
 podAnnotations: {}
 
 podSecurityContext: {}
+# Example 
+  # runAsGroup: 1001
+  # runAsUser: 1001
+  # fsGroup: 1001
+  # fsGroupChangePolicy: "OnRootMismatch"
+containerSecurityContext: {}
+# Example 
+  # runAsGroup: 1001
+  # runAsUser: 1001
+  # allowPrivilegeEscalation: false
 
-securityContext: {}
 
-resources: {}
+
+rolloutStrategy: "Recreate"
+
+resources:
+  requests:
+    memory: "128Mi"
+    cpu: "100m"
+  limits:
+    memory: "256Mi"
+    cpu: "200m"
 
 nodeSelector: {}