fix: resources/secContext configurable for rbac proxy sidecar (#51)

Author: petardoodle

chart/k8s-pause/Chart.yaml

@@ -14,4 +14,4 @@ keywords:
 name: k8s-pause
 sources:
 - https://github.com/DoodleScheduling/k8s-pause
-version: 0.2.5
+version: 0.2.6

chart/k8s-pause/templates/deployment.yaml

@@ -99,12 +99,9 @@ spec:
           name: https
           protocol: TCP
         resources:
-          limits:
-            cpu: 500m
-            memory: 128Mi
-          requests:
-            cpu: 5m
-            memory: 64Mi
+          {{- toYaml .Values.kubeRBACProxy.resources | nindent 10 }}
+        securityContext:
+          {{- toYaml .Values.kubeRBACProxy.securityContext | nindent 10 }}
         terminationMessagePath: /dev/termination-log
         terminationMessagePolicy: File
       {{- end }}
@@ -121,6 +118,8 @@ spec:
         secret:
           secretName: {{ .secretName }}
       {{- end }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
       affinity:
         {{- toYaml .Values.affinity | nindent 8 }}
       imagePullSecrets:

chart/k8s-pause/values.yaml

@@ -96,6 +96,8 @@ securityContext:
   capabilities:
     drop: ["all"]
   readOnlyRootFilesystem: true
+
+podSecurityContext:
   runAsGroup: 10000
   runAsNonRoot: true
   runAsUser: 10000
@@ -139,4 +141,12 @@ prometheusRule:
 kubeRBACProxy:
   enabled: true
 
+  securityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["all"]
+    readOnlyRootFilesystem: true
+
+  resources: {}
+
 tolerations: []