feat: added security context (#1)

Chart.yaml

@@ -2,5 +2,5 @@ apiVersion: v2
 name: redis-cluster
 description: A redis-cluster helm chart
 type: application
-version: 0.1.0
-appVersion: "0.1.0"
+version: 0.2.0
+appVersion: "0.2.0"

README.md

@@ -11,16 +11,22 @@ This repository contains Redis cluster helm charts that can survive pod restarts
 |--|--|--|
  `nameOverride` | String to override `redis-cluster.name` template | `redis-cluster`
 `fullnameOverride` | String to override `redis-cluster.fullname`  `template` | `redis-cluster`
-`redis.image` | Redis docker image | `redis:7.2.3`
+`securityContext.enabled` | Whether to enable pod's container security context or not | `false`
+`securityContext` | Pod's security context | `{}`
+`redis.image` | Redis docker image | `redis:7.2.4`
 `redis.port` | Redis server port | `6379`
 `redis.bus` | Redis cluster bus port | `16379`
+`redis.securityContext.enabled` | Whether to enable the Redis container security context or not | `false`
+`redis.securityContext` | Redis container security context | `{}`
 `redis.resources` | The resources of the redis container | `{}`
 `redis.minReadySeconds` | minimum number of seconds for which a newly created Pod should be running and ready without any of its containers crashing, for it to be considered available | `10`
 `cluster.init` | A boolean to specify whether the cluster should be initialized. (Can be false when cluster is already created and maybe you just want to change the resources of the cluster) | `true`
 `cluster.master` | Number of master nodes | `3`
 `cluster.replicas` | Number of replicas of each master | `1`
 `metrics.enabled` | Turn on/off Redis exporter | `true`
-`metrics.image` | Docker image of Redis exporter | `oliver006/redis_exporter:v1.55.0`
+`metrics.image` | Docker image of Redis exporter | `oliver006/redis_exporter:v1.56.0`
+`metrics.securityContext.enabled` | Whether to enable metrics container security context | `false`
+`metrics.securityContext` | Metric's container security context | `{}`
 `metrics.resources` | Resources of metrics container | `{}`
 `metrics.serviceMonitor.enabled` | Create a service monitor if `metrics` is enabled | `true`
 `metrics.serviceMonitor.interval` | Metrics scraping interval | `30s`

templates/statefulset.yaml

@@ -16,6 +16,9 @@ spec:
     metadata:
       labels: {{ include "redis-cluster.labels" . | nindent 8 }}
     spec:
+      {{- if and .Values.securityContext .Values.securityContext.enabled }}
+      securityContext: {{ omit .Values.securityContext "enabled" | toYaml | nindent 8 }}
+      {{- end }}
       initContainers:
         - name: fix-outdated-ips
           image: ubuntu:24.04
@@ -35,6 +38,9 @@ spec:
       containers:
         - name: redis
           image: {{ .Values.redis.image }}
+          {{- if and .Values.redis.securityContext .Values.redis.securityContext.enabled }}
+          securityContext: {{ omit .Values.redis.securityContext "enabled" | toYaml | nindent 12 }}
+          {{- end }}
           {{- with .Values.redis.resources }}
           resources: {{ toYaml . | nindent 12 }}
           {{- end}}
@@ -57,6 +63,9 @@ spec:
         {{- if .enabled }}
         - name: metrics
           image: {{ .image }}
+          {{- if and .securityContext .securityContext.enabled }}
+          securityContext: {{ omit .securityContext "enabled" | toYaml | nindent 12 }}
+          {{- end }}
           {{- with .resources }}
           resources: {{ toYaml . | nindent 12 }}
           {{- end}}

values.yaml

@@ -2,22 +2,29 @@ nameOverride: ""
 fullnameOverride: ""
 
 redis:
-  image: redis:7.2.3
+  image: redis:7.2.4
   port: 6379
   bus: 16379
   minReadySeconds: 0
+  securityContext:
+    enabled: false
 
 cluster:
   init: true
   master: 3
   replicas: 1
 
+securityContext:
+  enabled: false
+
 metrics:
   enabled: true
-  image: oliver006/redis_exporter:v1.55.0
+  image: oliver006/redis_exporter:v1.56.0
   serviceMonitor:
     enabled: true
     interval: "30s"
+  securityContext:
+    enabled: false
 
 service:
   enabled: true