From fadeac2a5cf0e187ee1b04415f68a335792139c3 Mon Sep 17 00:00:00 2001
From: Angel Kafazov
Date: Fri, 20 Dec 2024 12:16:34 +0200
Subject: [PATCH] fix: separate POD and Container security contexts (#150)
* fix: separate POD and Container security contexts
* feat: enhance container security context with non-root user and seccomp profile
---------
On-behalf-of: @SAP angel.kafazov@sap.com
Signed-off-by: Angel Kafazov
---
 charts/common/Chart.yaml | 2 +-
 charts/common/templates/_deploymentHelpers.tpl | 11 ++++++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/charts/common/Chart.yaml b/charts/common/Chart.yaml
index cfda355ae..4625734ed 100644
--- a/charts/common/Chart.yaml
+++ b/charts/common/Chart.yaml
@@ -4,4 +4,4 @@ description: A Helm chart containing reuse templates
 type: library
-version: 0.2.2
+version: 0.2.3
diff --git a/charts/common/templates/_deploymentHelpers.tpl b/charts/common/templates/_deploymentHelpers.tpl
index 32cd1773e..486a71a13 100644
--- a/charts/common/templates/_deploymentHelpers.tpl
+++ b/charts/common/templates/_deploymentHelpers.tpl
@@ -122,10 +122,19 @@ readinessProbe:
 protocol: TCP
 {{- end -}}
+
 {{- define "common.container.securityContext" -}}
 securityContext:
- runAsNonRoot: true
 readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+{{- end }}
+
+
+{{- define "common.pod.securityContext" -}}
+securityContext:
+ runAsNonRoot: true
 seccompProfile:
 type: RuntimeDefault
 serviceAccountName: {{ include "common.entity.name" }}
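Review bot: The new `common.container.securityContext` block stops short of the Pod Security Standards "restricted" profile, which additionally requires `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}` on every container; adding those two lines under `readOnlyRootFilesystem: true` closes that gap without touching the pod-level helper. `runAsNonRoot: true`, now emitted by both helpers, is only satisfiable when the image declares a numeric USER or the chart also emits `runAsUser`; otherwise the kubelet refuses to start the container, so consider exposing `runAsUser` as a chart value. The pod helper is named `securityContext` but also emits `serviceAccountName`, so a caller wanting only the context gets both; a comment above the define stating that it renders both fields, or moving `serviceAccountName` to its own helper, would make the contract clearer. The `common.pod.securityContext` define continues past the end of the hunk.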