Add securityContext to containers in KubeVirt hooks (#60)

charts/kubevirt/0.2.0/templates/kubevirt-cr-uninstall.yaml

@@ -61,6 +61,8 @@ spec:
       containers:
         - name: kubevirt-cr-uninstaller
           image: {{ .Values.kubecli.image }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
           command:
             - /bin/sh
             - -c

charts/kubevirt/0.2.0/templates/kubevirt-crd-uninstall.yaml

@@ -67,6 +67,8 @@ spec:
       restartPolicy: OnFailure
       containers:
         - name: kubevirt-crd-uninstaller
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
           image: {{ .Values.kubecli.image }}
           command:
             - /bin/sh

charts/kubevirt/0.2.0/templates/kubevirt-crd-upgrade.yaml

@@ -85,6 +85,8 @@ spec:
       restartPolicy: OnFailure
       containers:
         - name: kubevirt-crd-upgrader
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
           image: {{ .Values.kubecli.image }}
           command:
             - /bin/sh

charts/kubevirt/0.2.0/values.yaml

@@ -3,5 +3,14 @@ kubevirt:
   version: 1.1.0-150500.8.6.1
   pullPolicy: IfNotPresent
 
+securityContext:
+  seccompProfile:
+    type: RuntimeDefault
+  runAsNonRoot: true
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - ALL
+
 kubecli:
   image: bitnami/kubectl:1.27.3

index.yaml

@@ -61,9 +61,9 @@ entries:
   kubevirt:
   - apiVersion: v2
     appVersion: 1.1.0
-    created: "2023-12-06T13:39:17.572304+02:00"
+    created: "2023-12-07T16:13:19.409967+02:00"
     description: A Helm chart for KubeVirt
-    digest: c62cb510a7302f5f392860c9591fb02256e161fcac65b87898ed711f03cd30bd
+    digest: f720fd37f42580dc067f01a5d730065d7f192f38fc389609b722bc9ed3e0a751
     icon: https://raw.githubusercontent.com/cncf/artwork/main/projects/kubevirt/icon/color/kubevirt-icon-color.svg
     name: kubevirt
     type: application

packages/kubevirt/charts/templates/kubevirt-cr-uninstall.yaml

@@ -61,6 +61,8 @@ spec:
       containers:
         - name: kubevirt-cr-uninstaller
           image: {{ .Values.kubecli.image }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
           command:
             - /bin/sh
             - -c

packages/kubevirt/charts/templates/kubevirt-crd-uninstall.yaml

@@ -67,6 +67,8 @@ spec:
       restartPolicy: OnFailure
       containers:
         - name: kubevirt-crd-uninstaller
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
           image: {{ .Values.kubecli.image }}
           command:
             - /bin/sh

packages/kubevirt/charts/templates/kubevirt-crd-upgrade.yaml

@@ -85,6 +85,8 @@ spec:
       restartPolicy: OnFailure
       containers:
         - name: kubevirt-crd-upgrader
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
           image: {{ .Values.kubecli.image }}
           command:
             - /bin/sh

packages/kubevirt/charts/values.yaml

@@ -3,5 +3,14 @@ kubevirt:
   version: 1.1.0-150500.8.6.1
   pullPolicy: IfNotPresent
 
+securityContext:
+  seccompProfile:
+    type: RuntimeDefault
+  runAsNonRoot: true
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - ALL
+
 kubecli:
   image: bitnami/kubectl:1.27.3