From d476ba03227cb1fbbbcd06774d551f908e274884 Mon Sep 17 00:00:00 2001
From: Julien Godin
Date: Fri, 28 Jun 2024 13:26:14 +0200
Subject: [PATCH] feat(charts): cert management security context
Allow security context to be setted in the cert init container. and introduce default configuration to be the as previous values
Signed-off-by: Julien Godin
---
 helm-chart/renku/templates/_certificates-init-container.tpl | 5 +----
 helm-chart/renku/values.yaml | 5 +++++
 2 files changed, 6 insertions(+), 4 deletions(-)
diff --git a/helm-chart/renku/templates/_certificates-init-container.tpl b/helm-chart/renku/templates/_certificates-init-container.tpl
index e88cc43d7f..6adea68324 100644
--- a/helm-chart/renku/templates/_certificates-init-container.tpl
+++ b/helm-chart/renku/templates/_certificates-init-container.tpl
@@ -3,10 +3,7 @@
 - name: init-certificates
 image: "{{ .Values.global.certificates.image.repository }}:{{ .Values.global.certificates.image.tag }}"
 securityContext:
- allowPrivilegeEscalation: false
- runAsUser: 1000
- runAsGroup: 1000
- runAsNonRoot: true
+{{ toYaml .Values.global.certificates.securityContext | indent 4 }}
 volumeMounts:
 - name: etc-ssl-certs
 mountPath: /etc/ssl/certs/
diff --git a/helm-chart/renku/values.yaml b/helm-chart/renku/values.yaml
index b860c13a95..1d7d682495 100644
--- a/helm-chart/renku/values.yaml
+++ b/helm-chart/renku/values.yaml
@@ -206,6 +206,11 @@ global:
 tag: "0.0.2"
 customCAs: []
 # - secret:
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsUser: 1000
+ runAsGroup: 1000
+ runAsNonRoot: true
 ## Database credentials for postgres
 db:
 ## Used by the renku-data-services and potentially other backend services
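Review bot: The `securityContext:` line in `_certificates-init-container.tpl` now renders whatever `global.certificates.securityContext` holds, so an override that sets the key to `null` renders `securityContext: null` and the init container loses `runAsNonRoot: true` and `allowPrivilegeEscalation: false`, which the old template always applied. If an unset value is not meant to be supported, fall back to a hardened minimum, for example `{{ toYaml (.Values.global.certificates.securityContext | default (dict "allowPrivilegeEscalation" false "runAsNonRoot" true)) | indent 4 }}`. That fallback only covers the whole map being absent; nulling a single key still drops that setting, so cluster-side admission policy remains the real guarantee. The `indent 4` depth presumably matches the removed lines, whose indentation is not visible here, and the enclosing `define` starts and ends outside the hunk.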
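Review bot: The new `securityContext` default under `global.certificates` in `values.yaml` has no comment, while the neighbouring `db` block is documented with `##` lines, and this key now decides whether the certificate init container runs as non-root. Add a line above it such as `## Security context of the init-certificates container; keep runAsNonRoot: true and allowPrivilegeEscalation: false when overriding`. It is also worth stating there that Helm merges override maps into these defaults, so a default is removed only by setting that key to `null`.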