add support for securityContext and resources in sideload container

1 year ago · 565f9f64f0
parent ef5ab0ecb8
commit 565f9f64f0
4 changed files with 28 additions and 1 deletions
--- a/dev/helm/Chart.yaml
+++ b/dev/helm/Chart.yaml
@ -2,7 +2,7 @@ apiVersion: v2
 name: wiki
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 2.2.0
+version: 2.3.0
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
 AppVersion: latest
--- a/dev/helm/README.md
+++ b/dev/helm/README.md
@ -115,6 +115,9 @@ The following table lists the configurable parameters of the Wiki.js chart and t
 | `sideload.enabled`                   | Enable sideloading of locale files from git | `false`                                                    |
 | `sideload.repoURL`                   | Git repository URL containing locale files  | `https://github.com/Requarks/wiki-localization`            |
 | `sideload.env`                       | Environment variables for sideload Container | `{}`                                                      |
+| `sideload.securityContext`           | security context for sideload Container     | `nil`                                                      |
+| `sideload.resources.limits`          | resource limits for sideload Container      | `nil`                                                      |
+| `sideload.resources.requests`        | resource requests for sideload Container    | `nil`                                                      |
 | `nodeExtraCaCerts`                   | Trusted certificates path                   | `nil`                                                      |
 | `postgresql.enabled`                 | Deploy postgres server (see below)          | `true`                                                     |
 | `postgresql.postgresqlDatabase`        | Postgres database name                      | `wiki`                                                   |
--- a/dev/helm/templates/deployment.yaml
+++ b/dev/helm/templates/deployment.yaml
@ -27,12 +27,16 @@ spec:
      {{- if .Values.sideload.enabled }}
      initContainers:
        - name: {{ .Chart.Name }}-sideload
+          securityContext:
+            {{- toYaml .Values.sideload.securityContext | nindent 12 }}
          image: "{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}"
          imagePullPolicy: {{ default "IfNotPresent" .Values.image.imagePullPolicy }}
          env:
            {{- toYaml .Values.sideload.env | nindent 12 }}
          command: [ "sh", "-c" ]
          args: [ "mkdir -p /wiki/data/sideload && git clone --depth=1 {{ .Values.sideload.repoURL }} /wiki/data/sideload/" ]
+          resources:
+            {{- toYaml .Values.sideload.resources | nindent 12 }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
--- a/dev/helm/values.yaml
+++ b/dev/helm/values.yaml
@ -115,6 +115,26 @@ sideload:
  #  - name: HTTPS_PROXY
  #    value: http://my.proxy.com:3128

+  securityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+
+  resources: {}
+  # We usually recommend not to specify default resources and to leave this as a conscious
+  # choice for the user. This also increases chances charts run on environments with little
+  # resources, such as Minikube. If you do want to specify resources, uncomment the following
+  # lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+  # limits:
+  #   cpu: 100m
+  #   memory: 128Mi
+  # requests:
+  #   cpu: 100m
+  #   memory: 128Mi
+
 ## Append extra trusted certificates for node process from extra volume via NODE_EXTRA_CA_CERTS variable
 # nodeExtraCaCerts: "/path/to/certs.pem"