diff --git a/charts/network/charts/network-bootstrapper/templates/_helpers.tpl b/charts/network/charts/network-bootstrapper/templates/_helpers.tpl
index cab06fb..e79e22a 100644
--- a/charts/network/charts/network-bootstrapper/templates/_helpers.tpl
+++ b/charts/network/charts/network-bootstrapper/templates/_helpers.tpl
@@ -77,3 +77,15 @@ Accepts either a YAML string or a list of init container maps and indents output
 {{- end -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Resolve pod and container security contexts by layering chart values over global defaults.
+*/}}
+{{- define "network-bootstrapper.securityContexts" -}}
+{{- $root := . -}}
+{{- $globalValues := ($root.Values.global | default (dict)) -}}
+{{- $globalSecurityContexts := dig "securityContexts" $globalValues (dict) -}}
+{{- $pod := mergeOverwrite (deepCopy (dig "pod" $globalSecurityContexts (dict))) (default (dict) $root.Values.podSecurityContext) -}}
+{{- $container := mergeOverwrite (deepCopy (dig "container" $globalSecurityContexts (dict))) (default (dict) $root.Values.securityContext) -}}
+{{- dict "pod" $pod "container" $container | toYaml -}}
+{{- end -}}
diff --git a/charts/network/charts/network-bootstrapper/templates/job.yaml b/charts/network/charts/network-bootstrapper/templates/job.yaml
index f1526a3..5322ae8 100644
--- a/charts/network/charts/network-bootstrapper/templates/job.yaml
+++ b/charts/network/charts/network-bootstrapper/templates/job.yaml
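Review bot: The comment on `network-bootstrapper.securityContexts` does not say which side wins or how deep the merge goes, and both decide whether a global hardening default survives in the rendered pod. As written, `mergeOverwrite` gives the chart's `podSecurityContext` and `securityContext` the last word over `global.securityContexts`, so a subchart value can relax a global setting as well as tighten it, and nested maps look to be merged key by key rather than replaced. I would extend the comment with `Chart-level keys override global.securityContexts.{pod,container}; nested maps are merged key by key, so a chart override can weaken as well as tighten a global default.` A render test with a global boolean set to `true` and a chart override of `false` would pin the behaviour for falsy values, which is the case most likely to surprise with Sprig's merge family. The same comment gap is in `nodes.securityContexts` in the network-nodes `_helpers.tpl` hunk.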
@@ -27,10 +27,9 @@ spec:
 {{- toYaml . | nindent 8 }}
 {{- end }}
 serviceAccountName: {{ include "network-bootstrapper.serviceAccountName" . }}
- {{- $globalValues := (.Values.global | default (dict)) }}
- {{- $globalSecurityContexts := dig "securityContexts" $globalValues (dict) }}
- {{- $podSecurityContext := merge (deepCopy (default (dict) .Values.podSecurityContext)) (dig "pod" $globalSecurityContexts (dict)) }}
- {{- $containerSecurityContext := merge (deepCopy (default (dict) .Values.securityContext)) (dig "container" $globalSecurityContexts (dict)) }}
+ {{- $securityContexts := include "network-bootstrapper.securityContexts" . | fromYaml }}
+ {{- $podSecurityContext := index $securityContexts "pod" }}
+ {{- $containerSecurityContext := index $securityContexts "container" }}
 {{- if $podSecurityContext }}
 securityContext:
 {{- toYaml $podSecurityContext | nindent 8 }}
diff --git a/charts/network/charts/network-nodes/templates/_helpers.tpl b/charts/network/charts/network-nodes/templates/_helpers.tpl
index 9236957..563f43f 100644
--- a/charts/network/charts/network-nodes/templates/_helpers.tpl
+++ b/charts/network/charts/network-nodes/templates/_helpers.tpl
@@ -126,3 +126,15 @@ Accepts either a YAML string or a list of init container maps and indents output
 {{- end -}}
 {{- end -}}
 {{- end -}}
+
+{{/*
+Resolve pod and container security contexts using global defaults plus chart overrides.
+*/}}
+{{- define "nodes.securityContexts" -}}
+{{- $root := . -}}
+{{- $globalValues := ($root.Values.global | default (dict)) -}}
+{{- $globalSecurityContexts := dig "securityContexts" $globalValues (dict) -}}
+{{- $pod := mergeOverwrite (deepCopy (dig "pod" $globalSecurityContexts (dict))) (default (dict) $root.Values.podSecurityContext) -}}
+{{- $container := mergeOverwrite (deepCopy (dig "container" $globalSecurityContexts (dict))) (default (dict) $root.Values.securityContext) -}}
+{{- dict "pod" $pod "container" $container | toYaml -}}
+{{- end -}}
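Review bot: A parse failure in `include "network-bootstrapper.securityContexts" . | fromYaml` would not stop the render, because Helm's `fromYaml` returns a map holding only an `Error` key instead of failing. In that case `index $securityContexts "pod"` is empty and the `if $podSecurityContext` guard drops the `securityContext:` block without any message. The helper emits `toYaml` output, so this is unlikely today, but failing closed is cheap: add `{{- if hasKey $securityContexts "Error" }}{{ fail (printf "securityContexts: %s" (index $securityContexts "Error")) }}{{- end }}` right after the `fromYaml` line. The same pattern is in the statefulset-rpc.yaml and statefulset-validator.yaml hunks, where the use of `$podSecurityContext` lies outside the hunk. The pod spec in job.yaml also starts and continues outside this hunk.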
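Review bot: `nodes.securityContexts` has the same body as `network-bootstrapper.securityContexts` apart from the define name, so the precedence rule for security contexts now lives in two subcharts that can drift apart. If the subcharts can share a dependency (not visible here), one named template in a library chart would keep a single definition. Otherwise a comment such as `Keep in sync with network-bootstrapper.securityContexts.` on each copy makes the coupling explicit.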
diff --git a/charts/network/charts/network-nodes/templates/statefulset-rpc.yaml b/charts/network/charts/network-nodes/templates/statefulset-rpc.yaml
index 6028a30..d42b87b 100644
--- a/charts/network/charts/network-nodes/templates/statefulset-rpc.yaml
+++ b/charts/network/charts/network-nodes/templates/statefulset-rpc.yaml
@@ -36,10 +36,9 @@ spec:
 {{- $initContainers := .Values.initContainers | default (dict) }}
 {{- $sharedInitContainers := get $initContainers "shared" }}
 {{- $rpcInitContainers := get $initContainers "rpc" }}
- {{- $globalValues := (.Values.global | default (dict)) }}
- {{- $globalSecurityContexts := dig "securityContexts" $globalValues (dict) }}
- {{- $podSecurityContext := merge (deepCopy (default (dict) .Values.podSecurityContext)) (dig "pod" $globalSecurityContexts (dict)) }}
- {{- $containerSecurityContext := merge (deepCopy (default (dict) .Values.securityContext)) (dig "container" $globalSecurityContexts (dict)) }}
+ {{- $securityContexts := include "nodes.securityContexts" . | fromYaml }}
+ {{- $podSecurityContext := index $securityContexts "pod" }}
+ {{- $containerSecurityContext := index $securityContexts "container" }}
 podManagementPolicy: Parallel
 replicas: {{ .Values.rpcReplicaCount }}
 serviceName: {{ include "nodes.fullname" . }}-rpc
diff --git a/charts/network/charts/network-nodes/templates/statefulset-validator.yaml b/charts/network/charts/network-nodes/templates/statefulset-validator.yaml
index 130958a..20f7000 100644
--- a/charts/network/charts/network-nodes/templates/statefulset-validator.yaml
+++ b/charts/network/charts/network-nodes/templates/statefulset-validator.yaml
@@ -37,10 +37,9 @@ spec:
 {{- $initContainers := .Values.initContainers | default (dict) }}
 {{- $sharedInitContainers := get $initContainers "shared" }}
 {{- $validatorInitContainers := get $initContainers "validator" }}
- {{- $globalValues := (.Values.global | default (dict)) }}
- {{- $globalSecurityContexts := dig "securityContexts" $globalValues (dict) }}
- {{- $podSecurityContext := merge (deepCopy (default (dict) .Values.podSecurityContext)) (dig "pod" $globalSecurityContexts (dict)) }}
- {{- $containerSecurityContext := merge (deepCopy (default (dict) .Values.securityContext)) (dig "container" $globalSecurityContexts (dict)) }}
+ {{- $securityContexts := include "nodes.securityContexts" . | fromYaml }}
+ {{- $podSecurityContext := index $securityContexts "pod" }}
+ {{- $containerSecurityContext := index $securityContexts "container" }}
 podManagementPolicy: Parallel
 replicas: {{ $validatorReplicaBudget }}
 serviceName: {{ include "nodes.fullname" . }}