Merge pull request #90 from davidkarlsen/issue83

Fix user configurability and securityContexts.

deployments/kubernetes/chart/gitwebhookproxy/templates/configmap.yaml

@@ -19,9 +19,5 @@ data:
     {{- with .Values.gitWebhookProxy.config.allowedPaths }}
     allowedPaths: {{ . }}
     {{- end }}
-    {{- with .Values.gitWebhookProxy.config.ignoredUsers }}
-    ignoredUsers: {{ . }}
-    {{- end }}
-    {{- with .Values.gitWebhookProxy.config.allowedUsers }}
-    allowedUsers: {{ . }}
-    {{- end }}
+    ignoredUsers: {{ .Values.gitWebhookProxy.config.ignoredUsers | default "" | quote }}
+    allowedUsers: {{ .Values.gitWebhookProxy.config.allowedUsers | default "" | quote }}

deployments/kubernetes/chart/gitwebhookproxy/templates/deployment.yaml

@@ -28,6 +28,9 @@ spec:
       labels:
 {{ include "gitwebhookproxy.labels.selector" . | indent 8 }}
     spec:
+      {{- with .Values.gitWebhookProxy.podSecurityContext }}
+      securityContext: {{ . | toYaml | nindent 8 }}
+      {{- end }}
       containers:
       - env:
         - name: KUBERNETES_NAMESPACE
@@ -92,6 +95,9 @@ spec:
             {{- end }}
         image: "{{ .Values.gitWebhookProxy.image.name }}:{{ .Values.gitWebhookProxy.image.tag }}"
         imagePullPolicy: {{ .Values.gitWebhookProxy.image.pullPolicy }}
+        {{- with .Values.gitWebhookProxy.securityContext }}
+        securityContext: {{ . | toYaml | nindent 10 }}
+        {{- end }}
       {{- if .Values.gitWebhookProxy.useCustomName }}
         name: {{ .Values.gitWebhookProxy.customName }}
       {{- else }}

deployments/kubernetes/chart/gitwebhookproxy/values.yaml

@@ -33,6 +33,12 @@ gitWebhookProxy:
         port: 80
         protocol: TCP
         targetPort: 8080
+  securityContext:
+    readOnlyRootFilesystem: true
+    allowPrivilegeEscalation: false
+  podSecurityContext:
+    runAsUser: 1001
+    runAsNonRoot: true
   ingress:
     enabled: false
     annotations: