diff --git a/charts/network/charts/network-bootstrapper/templates/_helpers.tpl b/charts/network/charts/network-bootstrapper/templates/_helpers.tpl index e79e22a..8431a42 100644 --- a/charts/network/charts/network-bootstrapper/templates/_helpers.tpl +++ b/charts/network/charts/network-bootstrapper/templates/_helpers.tpl @@ -82,10 +82,12 @@ Accepts either a YAML string or a list of init container maps and indents output Resolve pod and container security contexts by layering chart values over global defaults. */}} {{- define "network-bootstrapper.securityContexts" -}} -{{- $root := . -}} -{{- $globalValues := ($root.Values.global | default (dict)) -}} -{{- $globalSecurityContexts := dig "securityContexts" $globalValues (dict) -}} -{{- $pod := mergeOverwrite (deepCopy (dig "pod" $globalSecurityContexts (dict))) (default (dict) $root.Values.podSecurityContext) -}} -{{- $container := mergeOverwrite (deepCopy (dig "container" $globalSecurityContexts (dict))) (default (dict) $root.Values.securityContext) -}} -{{- dict "pod" $pod "container" $container | toYaml -}} +{{- $ctx := index . "ctx" -}} +{{- $dest := index . "dest" -}} +{{- $globalValues := ($ctx.Values.global | default (dict)) -}} +{{- $globalSecurityContexts := default (dict) (get $globalValues "securityContexts") -}} +{{- $podDefaults := default (dict) (get $globalSecurityContexts "pod") -}} +{{- $containerDefaults := default (dict) (get $globalSecurityContexts "container") -}} +{{- $_ := set $dest "pod" (mergeOverwrite (deepCopy $podDefaults) (default (dict) $ctx.Values.podSecurityContext)) -}} +{{- $_ := set $dest "container" (mergeOverwrite (deepCopy $containerDefaults) (default (dict) $ctx.Values.securityContext)) -}} {{- end -}} diff --git a/charts/network/charts/network-bootstrapper/templates/job.yaml b/charts/network/charts/network-bootstrapper/templates/job.yaml index 5322ae8..4a8f8fa 100644 --- a/charts/network/charts/network-bootstrapper/templates/job.yaml +++ b/charts/network/charts/network-bootstrapper/templates/job.yaml @@ -27,7 +27,8 @@ spec: {{- toYaml . | nindent 8 }} {{- end }} serviceAccountName: {{ include "network-bootstrapper.serviceAccountName" . }} - {{- $securityContexts := include "network-bootstrapper.securityContexts" . | fromYaml }} + {{- $securityContexts := dict -}} + {{- include "network-bootstrapper.securityContexts" (dict "ctx" . "dest" $securityContexts) -}} {{- $podSecurityContext := index $securityContexts "pod" }} {{- $containerSecurityContext := index $securityContexts "container" }} {{- if $podSecurityContext }} diff --git a/charts/network/charts/network-nodes/templates/_helpers.tpl b/charts/network/charts/network-nodes/templates/_helpers.tpl index 563f43f..4c69b90 100644 --- a/charts/network/charts/network-nodes/templates/_helpers.tpl +++ b/charts/network/charts/network-nodes/templates/_helpers.tpl @@ -131,10 +131,12 @@ Accepts either a YAML string or a list of init container maps and indents output Resolve pod and container security contexts using global defaults plus chart overrides. */}} {{- define "nodes.securityContexts" -}} -{{- $root := . -}} -{{- $globalValues := ($root.Values.global | default (dict)) -}} -{{- $globalSecurityContexts := dig "securityContexts" $globalValues (dict) -}} -{{- $pod := mergeOverwrite (deepCopy (dig "pod" $globalSecurityContexts (dict))) (default (dict) $root.Values.podSecurityContext) -}} -{{- $container := mergeOverwrite (deepCopy (dig "container" $globalSecurityContexts (dict))) (default (dict) $root.Values.securityContext) -}} -{{- dict "pod" $pod "container" $container | toYaml -}} +{{- $ctx := index . "ctx" -}} +{{- $dest := index . "dest" -}} +{{- $globalValues := ($ctx.Values.global | default (dict)) -}} +{{- $globalSecurityContexts := default (dict) (get $globalValues "securityContexts") -}} +{{- $podDefaults := default (dict) (get $globalSecurityContexts "pod") -}} +{{- $containerDefaults := default (dict) (get $globalSecurityContexts "container") -}} +{{- $_ := set $dest "pod" (mergeOverwrite (deepCopy $podDefaults) (default (dict) $ctx.Values.podSecurityContext)) -}} +{{- $_ := set $dest "container" (mergeOverwrite (deepCopy $containerDefaults) (default (dict) $ctx.Values.securityContext)) -}} {{- end -}} diff --git a/charts/network/charts/network-nodes/templates/statefulset-rpc.yaml b/charts/network/charts/network-nodes/templates/statefulset-rpc.yaml index d42b87b..dc9ac6c 100644 --- a/charts/network/charts/network-nodes/templates/statefulset-rpc.yaml +++ b/charts/network/charts/network-nodes/templates/statefulset-rpc.yaml @@ -36,7 +36,8 @@ spec: {{- $initContainers := .Values.initContainers | default (dict) }} {{- $sharedInitContainers := get $initContainers "shared" }} {{- $rpcInitContainers := get $initContainers "rpc" }} - {{- $securityContexts := include "nodes.securityContexts" . | fromYaml }} + {{- $securityContexts := dict -}} + {{- include "nodes.securityContexts" (dict "ctx" . "dest" $securityContexts) -}} {{- $podSecurityContext := index $securityContexts "pod" }} {{- $containerSecurityContext := index $securityContexts "container" }} podManagementPolicy: Parallel diff --git a/charts/network/charts/network-nodes/templates/statefulset-validator.yaml b/charts/network/charts/network-nodes/templates/statefulset-validator.yaml index 20f7000..a434875 100644 --- a/charts/network/charts/network-nodes/templates/statefulset-validator.yaml +++ b/charts/network/charts/network-nodes/templates/statefulset-validator.yaml @@ -37,7 +37,8 @@ spec: {{- $initContainers := .Values.initContainers | default (dict) }} {{- $sharedInitContainers := get $initContainers "shared" }} {{- $validatorInitContainers := get $initContainers "validator" }} - {{- $securityContexts := include "nodes.securityContexts" . | fromYaml }} + {{- $securityContexts := dict -}} + {{- include "nodes.securityContexts" (dict "ctx" . "dest" $securityContexts) -}} {{- $podSecurityContext := index $securityContexts "pod" }} {{- $containerSecurityContext := index $securityContexts "container" }} podManagementPolicy: Parallel