feat: add securityContext (#33)

* feat: add securityContext
* chore: bump version to 0.2.0

flink/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v1
 appVersion: 1.11.2
 description: Chart for Apache Flink
 name: flink
-version: 0.1.19
+version: 0.2.0
 maintainers:
   - name: charts-maintainers
     email: charts-maintainers@riskfocus.com

flink/templates/jobmanager.yaml

@@ -44,7 +44,9 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
     {{- end }}
-      serviceAccount: {{ include "jobmanager.serviceAccount" . }}
+      serviceAccountName: {{ include "jobmanager.serviceAccount" . }}
+      securityContext:
+        {{ toYaml .Values.securityContext | indent 8 }}
       initContainers:
       {{- range $ct, $params := .Values.jobmanager.initContainers }}
         - name: {{ $ct }}

flink/templates/taskmanager.yaml

@@ -44,7 +44,9 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
     {{- end }}
-      serviceAccount: {{ include "taskmanager.serviceAccount" . }}
+      serviceAccountName: {{ include "taskmanager.serviceAccount" . }}
+      securityContext:
+        {{ toYaml .Values.securityContext | indent 8 }}
       initContainers:
       {{- range $ct, $params := .Values.taskmanager.initContainers }}
         - name: {{ $ct }}

flink/values.yaml

@@ -11,6 +11,14 @@ image:
   pullPolicy: IfNotPresent
 imagePullSecrets: []
 
+# Pod Security Context
+# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+securityContext: {}
+# securityContext:
+#   fsGroup: 1000
+#   runAsUser: 1000
+#   runAsNonRoot: true
+
 # For general configuration
 flink:
   # logging, log4j configuration copied from Flink distribution