[bitcoin-core] add initContainerSecurityContext option

CharlieC3 · CharlieC3 · commit 39baf5b81f17 · 2022-09-27T09:52:33.000-04:00
diff --git a/hirosystems/bitcoin-core/Chart.yaml b/hirosystems/bitcoin-core/Chart.yaml
@@ -25,4 +25,4 @@ sources:
   - https://github.com/bitcoin/bitcoin
   - https://github.com/ruimarinho/docker-bitcoin-core
   - https://bitcoin.org
-version: 1.0.1
+version: 1.1.0
diff --git a/hirosystems/bitcoin-core/templates/statefulset.yaml b/hirosystems/bitcoin-core/templates/statefulset.yaml
@@ -88,8 +88,8 @@ spec:
               else
                 echo "Previous data found. Exiting."
               fi
-          {{- if .Values.containerSecurityContext.enabled }}
-          securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+          {{- if .Values.initContainerSecurityContext.enabled }}
+          securityContext: {{- omit .Values.initContainerSecurityContext "enabled" | toYaml | nindent 12 }}
           {{- end }}
           {{- if .Values.resources }}
           resources: {{- toYaml .Values.resources | nindent 12 }}
@@ -109,9 +109,9 @@ spec:
             - /bin/bash
             - -ec
             - |
-              chown -R {{ .Values.containerSecurityContext.runAsUser }}:{{ .Values.containerSecurityContext.fsGroup }} {{ .Values.persistence.mountPath }}
-          {{- if .Values.containerSecurityContext.enabled }}
-          securityContext: {{- omit .Values.containerSecurityContext "enabled" | toYaml | nindent 12 }}
+              chown -R {{ .Values.initContainerSecurityContext.runAsUser }}:{{ .Values.initContainerSecurityContext.fsGroup }} {{ .Values.persistence.mountPath }}
+          {{- if .Values.initContainerSecurityContext.enabled }}
+          securityContext: {{- omit .Values.initContainerSecurityContext "enabled" | toYaml | nindent 12 }}
           {{- end }}
           {{- if .Values.volumePermissions.resources }}
           resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
diff --git a/hirosystems/bitcoin-core/values.yaml b/hirosystems/bitcoin-core/values.yaml
@@ -228,6 +228,19 @@ containerSecurityContext:
   runAsNonRoot: true
   readOnlyRootFilesystem: false
 
+## Configure Init Container Security Context
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
+## @param initContainerSecurityContext.enabled Enabled bitcoin-core init containers' Security Context
+## @param initContainerSecurityContext.runAsUser Set bitcoin-core init containers' Security Context runAsUser
+## @param initContainerSecurityContext.runAsNonRoot Set bitcoin-core init containers' Security Context runAsNonRoot
+## @param initContainerSecurityContext.readOnlyRootFilesystem Set bitcoin-core init containers' Security Context runAsNonRoot
+##
+initContainerSecurityContext:
+  enabled: false
+  runAsUser: 1001
+  runAsNonRoot: true
+  readOnlyRootFilesystem: false
+
 ## @param existingConfigmap The name of an existing ConfigMap with your custom configuration for bitcoin-core
 ##
 existingConfigmap:
