feat: add security context values in operator chart (#973)

Signed-off-by: drivebyer <[email protected]>

.github/workflows/publish-charts.yaml

@@ -9,8 +9,71 @@ on:
       - master
 
 jobs:
+  lint-charts:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Install Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.5.4
+
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.9'
+          check-latest: true
+
+      - name: Set up chart-testing
+        uses: helm/[email protected]
+
+      - name: Run chart-testing (lint)
+        run: |
+          ct lint --config ct.yaml
+
+  test-charts:
+    needs:
+      - lint-charts
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out code
+        uses: actions/checkout@v2
+
+      - name: Create k8s Kind Cluster
+        uses: helm/[email protected]
+        with:
+          cluster_name: kind
+
+      - name: Install Helm
+        uses: azure/setup-helm@v3
+        with:
+          version: v3.5.4
+
+      - name: Install yq
+        run: |
+          sudo snap install yq
+
+      - name: Install and test Redis Related Helm charts
+        run: |
+          kubectl cluster-info --context kind-kind
+          chart_dirs=("redis-operator")
+          for dir in "${chart_dirs[@]}"
+          do
+            if [[ -f ./charts/$dir/Chart.yaml ]]; then
+              helm dependency update ./charts/$dir/
+            fi
+            helm install $dir ./charts/$dir/
+            helm test $dir
+          done
+          echo "Listing installed Helm charts..."
+
   release-charts:
     runs-on: ubuntu-latest
+    needs:
+      - test-charts
     steps:
       - name: Checkout
         uses: actions/checkout@v3

charts/redis-operator/Chart.yaml

@@ -1,6 +1,6 @@
 ---
 apiVersion: v2
-version: 0.16.1
+version: 0.16.2
 appVersion: "0.17.0"
 description: Provides easy redis setup definitions for Kubernetes services, and deployment.
 engine: gotpl
@@ -25,4 +25,4 @@ dependencies:
     version: v1.12.4
     repository: https://charts.jetstack.io
     alias: certmanager
-    condition: certmanager.enabled
+    condition: certmanager.enabled

charts/redis-operator/templates/operator-deployment.yaml

@@ -21,8 +21,12 @@ spec:
       {{- toYaml . | nindent 8 }}
       {{- end }}
     spec:
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
       - name: "{{ .Values.redisOperator.name }}"
+        securityContext:
+          {{- toYaml .Values.securityContext | nindent 10 }}
         image: "{{ .Values.redisOperator.imageName }}:{{ .Values.redisOperator.imageTag | default (printf "v%s" .Chart.AppVersion) }}"
         imagePullPolicy: {{ .Values.redisOperator.imagePullPolicy }}
         command:

charts/redis-operator/values.yaml

@@ -58,3 +58,14 @@ nodeSelector: {}
 tolerateAllTaints: false
 tolerations: []
 affinity: {}
+
+podSecurityContext: {}
+#  fsGroup: 2000
+
+securityContext: {}
+#  capabilities:
+#    drop:
+#    - ALL
+#  readOnlyRootFilesystem: true
+#  runAsNonRoot: true
+#  runAsUser: 1000

ct.yaml

@@ -0,0 +1,7 @@
+---
+remote: origin
+target-branch: master
+chart-dirs:
+  - charts
+chart-repos:
+  - ot-helm=https://ot-container-kit.github.io/helm-charts