fix: security/resources configurable (#25)

Author: petardoodle

chart/k8soauth2-proxy-controller/Chart.yaml

@@ -13,4 +13,4 @@ keywords:
 name: k8soauth2-proxy-controller
 sources:
 - https://github.com/DoodleScheduling/k8soauth2-proxy-controller
-version: 0.2.3
+version: 0.2.4

chart/k8soauth2-proxy-controller/templates/deployment.yaml

@@ -96,12 +96,9 @@ spec:
           name: https
           protocol: TCP
         resources:
-          limits:
-            cpu: 500m
-            memory: 128Mi
-          requests:
-            cpu: 5m
-            memory: 64Mi
+          {{- toYaml .Values.kubeRBACProxy.resources | nindent 10 }}
+        securityContext:
+          {{- toYaml .Values.kubeRBACProxy.securityContext | nindent 10 }}
         terminationMessagePath: /dev/termination-log
         terminationMessagePolicy: File
       {{- end }}
@@ -114,6 +111,8 @@ spec:
         secret:
           secretName: {{ .secretName }}
       {{- end }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
       affinity:
         {{- toYaml .Values.affinity | nindent 8 }}
       imagePullSecrets:

chart/k8soauth2-proxy-controller/values.yaml

@@ -87,6 +87,8 @@ securityContext:
   capabilities:
     drop: ["all"]
   readOnlyRootFilesystem: true
+
+podSecurityContext:
   runAsGroup: 10000
   runAsNonRoot: true
   runAsUser: 10000
@@ -131,4 +133,12 @@ prometheusRule:
 kubeRBACProxy:
   enabled: true
 
+  securityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop: ["all"]
+    readOnlyRootFilesystem: true
+
+  resources: {}
+
 tolerations: []