From b52bd6ed1ba8e881939d41e3bb3e6bd1e6804bba Mon Sep 17 00:00:00 2001
From: Ushitora Anqou <ushitora@anqou.net>
Date: Sat, 18 Jan 2025 20:59:52 +0900
Subject: [PATCH] charts: magout: support migrationJob

---
 charts/magout/templates/mastodonserver.yaml |  9 +++++++++
 charts/magout/values.yaml                   | 12 ++++++++++++
 2 files changed, 21 insertions(+)

diff --git a/charts/magout/templates/mastodonserver.yaml b/charts/magout/templates/mastodonserver.yaml
index 67de386..d108eda 100644
--- a/charts/magout/templates/mastodonserver.yaml
+++ b/charts/magout/templates/mastodonserver.yaml
@@ -102,3 +102,12 @@ spec:
     securityContext:
       {{- toYaml . | nindent 6 }}
     {{- end }}
+  migrationJob:
+    {{- with .Values.mastodonServer.migrationJob.podSecurityContext }}
+    podSecurityContext:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
+    {{- with .Values.mastodonServer.migrationJob.securityContext }}
+    securityContext:
+      {{- toYaml . | nindent 6 }}
+    {{- end }}
diff --git a/charts/magout/values.yaml b/charts/magout/values.yaml
index 263d785..6a4cf7c 100644
--- a/charts/magout/values.yaml
+++ b/charts/magout/values.yaml
@@ -68,6 +68,18 @@ mastodonServer:
       capabilities:
         drop:
           - ALL
+  migrationJob:
+    podSecurityContext:
+      runAsNonRoot: true
+      runAsUser: 991
+      runAsGroup: 991
+      seccompProfile:
+        type: RuntimeDefault
+    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+          - ALL
 
 serviceAccount:
   # Specifies whether a service account should be created