Merge branch 'develop' into fix/value-2

charts/netbox/templates/cronjob.yaml

@@ -36,15 +36,17 @@ spec:
           {{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image) "context" $) | nindent 6 }}
           serviceAccountName: {{ include "netbox.serviceAccountName" . }}
           automountServiceAccountToken: {{ .Values.housekeeping.automountServiceAccountToken }}
-          securityContext:
-            {{- toYaml .Values.housekeeping.podSecurityContext | nindent 12 }}
+          {{- if .Values.housekeeping.podSecurityContext.enabled }}
+          securityContext: {{- omit .Values.housekeeping.podSecurityContext "enabled" | toYaml | nindent 12 }}
+          {{- end }}
           {{- if .Values.housekeeping.initContainers }}
           {{- include "common.tplvalues.render" (dict "value" .Values.housekeeping.initContainers "context" $) | trim | nindent 10 }}
           {{- end }}
           containers:
           - name: {{ .Chart.Name }}-housekeeping
-            securityContext:
-              {{- toYaml .Values.housekeeping.securityContext | nindent 14 }}
+            {{- if .Values.housekeeping.securityContext.enabled }}
+            securityContext: {{- omit .Values.housekeeping.securityContext "enabled" | toYaml | nindent 14 }}
+            {{- end }}
             image: {{ include "netbox.image" . | quote }}
             command:
             - /opt/netbox/venv/bin/python

charts/netbox/templates/deployment.yaml

@@ -53,7 +53,9 @@ spec:
         {{- else if ne .Values.init.resourcesPreset "none" }}
         resources: {{- include "common.resources.preset" (dict "type" .Values.init.resourcesPreset) | nindent 10 }}
         {{- end }}
-        securityContext: {{- .Values.init.securityContext | toYaml | nindent 10 }}
+        {{- if .Values.init.securityContext.enabled }}
+        securityContext: {{- omit .Values.init.securityContext "enabled" | toYaml | nindent 10 }}
+        {{- end }}
         volumeMounts:
         - name: optunit
           mountPath: /opt/unit

charts/netbox/templates/ingress.yaml

@@ -5,7 +5,7 @@ metadata:
   name: {{ include "common.names.fullname" . }}
   namespace: {{ include "common.names.namespace" . | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
-  {{- if or .Values.service.annotations .Values.commonAnnotations }}
+  {{- if or .Values.ingress.annotations .Values.commonAnnotations }}
   {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }}
   annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
   {{- end }}

charts/netbox/templates/tests/test-connection.yaml

@@ -18,4 +18,7 @@ spec:
     {{- else if ne .Values.test.resourcesPreset "none" }}
     resources: {{- include "common.resources.preset" (dict "type" .Values.test.resourcesPreset) | nindent 6 }}
     {{- end }}
+    {{- if .Values.test.securityContext.enabled }}
+    securityContext: {{- omit .Values.test.securityContext "enabled" | toYaml | nindent 12 }}
+    {{- end }}
   restartPolicy: Never

charts/netbox/templates/worker-deployment.yaml

@@ -44,15 +44,17 @@ spec:
       {{- end }}
       serviceAccountName: {{ include "netbox.serviceAccountName" . }}
       automountServiceAccountToken: {{ .Values.worker.automountServiceAccountToken }}
-      securityContext:
-        {{- toYaml .Values.worker.podSecurityContext | nindent 8 }}
-      {{- if .Values.worker.initContainers }}
+      {{- if .Values.worker.podSecurityContext.enabled }}
+      securityContext: {{- omit .Values.worker.podSecurityContext "enabled" | toYaml | nindent 8 }}
+      {{- end }}
+      {{- with .Values.worker.initContainers }}
       {{- include "common.tplvalues.render" (dict "value" .Values.worker.initContainers "context" $) | trim | nindent 6 }}
       {{- end }}
       containers:
       - name: {{ .Chart.Name }}-worker
-        securityContext:
-          {{- toYaml .Values.worker.securityContext | nindent 10 }}
+        {{- if .Values.worker.securityContext.enabled }}
+        securityContext: {{- omit .Values.worker.securityContext "enabled" | toYaml | nindent 10 }}
+        {{- end }}
         image: {{ include "netbox.image" . | quote }}
         command:
         - /opt/netbox/venv/bin/python

charts/netbox/values.yaml

@@ -679,16 +679,16 @@ podSecurityContext:
   fsGroup: 1000
 ## Configure Container Security Context (only main container)
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
-## @param containerSecurityContext.enabled Enabled containers' Security Context
-## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
-## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
-## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
-## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
-## @param containerSecurityContext.privileged Set container's Security Context privileged
-## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
-## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
-## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
-## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
+## @param securityContext.enabled Enabled containers' Security Context
+## @param securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
+## @param securityContext.runAsUser Set containers' Security Context runAsUser
+## @param securityContext.runAsGroup Set containers' Security Context runAsGroup
+## @param securityContext.runAsNonRoot Set container's Security Context runAsNonRoot
+## @param securityContext.privileged Set container's Security Context privileged
+## @param securityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
+## @param securityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
+## @param securityContext.capabilities.drop List of capabilities to be dropped
+## @param securityContext.seccompProfile.type Set container's Security Context seccomp profile
 ##
 securityContext:
   enabled: true
@@ -990,13 +990,15 @@ init:
   ## Init container' Security Context
   ## Note: the chown of the data folder is done to securityContext.runAsUser
   ## and not the below init.securityContext.runAsUser
+  ## @param init.securityContext.enabled Enabled containers' Security Context
   ## @param init.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
   ## @param init.securityContext.runAsUser User ID for the init container
   ## @param init.securityContext.runAsGroup Group ID for the init container
   ## @param init.securityContext.runAsNonRoot runAsNonRoot for the init container
   ## @param init.securityContext.seccompProfile.type seccompProfile.type for the init container
   ##
   securityContext:
+    enabled: true
     seLinuxOptions: {}
     seccompProfile:
       type: RuntimeDefault
@@ -1055,13 +1057,15 @@ test:
   ## test container' Security Context
   ## Note: the chown of the data folder is done to securityContext.runAsUser
   ## and not the below test.securityContext.runAsUser
+  ## @param test.securityContext.enabled Enabled containers' Security Context
   ## @param test.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
   ## @param test.securityContext.runAsUser User ID for the test container
   ## @param test.securityContext.runAsGroup Group ID for the test container
   ## @param test.securityContext.runAsNonRoot runAsNonRoot for the test container
   ## @param test.securityContext.seccompProfile.type seccompProfile.type for the test container
   ##
   securityContext:
+    enabled: false
     seLinuxOptions: {}
     seccompProfile:
       type: RuntimeDefault