refactor: collecting securityContexts as parameter in vaules

templates/injector-deployment.yaml

@@ -40,25 +40,15 @@ spec:
       serviceAccountName: "{{ template "vault.fullname" . }}-agent-injector"
       {{- if not .Values.global.openshift }}
       hostNetwork: {{ .Values.injector.hostNetwork }}
-      securityContext:
-        runAsNonRoot: true
-        runAsGroup: {{ .Values.injector.gid | default 1000 }}
-        runAsUser: {{ .Values.injector.uid | default 100 }}
-        fsGroup: {{ .Values.injector.uid | default 100 }}
-        supplementalGroups:
-          - {{ .Values.injector.uid | default 100 }}
+      securityContext: {{ .Values.podSecurityContext }}
       {{- end }}
       containers:
         - name: sidecar-injector
           {{ template "injector.resources" . }}
           image: "{{ .Values.injector.image.repository }}:{{ .Values.injector.image.tag }}"
           imagePullPolicy: "{{ .Values.injector.image.pullPolicy }}"
           {{- if not .Values.global.openshift }}
-          securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-                - ALL
+          securityContext: {{ .Values.securityContext }}
           {{- end }}
           env:
             - name: AGENT_INJECT_LISTEN

values.yaml

@@ -202,6 +202,22 @@ injector:
     certName: tls.crt
     keyName: tls.key
 
+  # Default pod security context for vault-injector
+  podSecurityContext:
+    runAsNonRoot: true
+    runAsGroup: 1000
+    runAsUser: 100
+    fsGroup: 100
+    supplementalGroups:
+      - 100
+
+  # Default container security context for vault-injector
+  securityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
+
   resources: {}
   # resources:
   #   requests: