add support for runtimeClassName

Signed-off-by: David Young <[email protected]>

Author: funkypenguin

charts/stable/skypilot/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: skypilot
 description: A Helm chart for deploying SkyPilot API server on Kubernetes
 type: application
-version: 0.0.1-pre-03
+version: 0.0.1-pre-04
 appVersion: "0.0"
 dependencies:
   - name: ingress-nginx

charts/stable/skypilot/templates/api-deployment.yaml

@@ -22,6 +22,7 @@ spec:
       securityContext:
         {{- toYaml . | nindent 8 }}
       {{- end }}
+      runtimeClassName: {{ .Values.runtimeClassName }}
       containers:
       - name: skypilot-api
         image: {{ .Values.apiService.image }}

charts/stable/skypilot/values.yaml

@@ -128,8 +128,17 @@ gcpCredentials:
 
 # Set securityContext for the api pod (defaults to empty but allows users to override)
 securityContext:
-    runAsNonRoot: true
+  capabilities:
+    drop:
+    - ALL  
+  allowPrivilegeEscalation: false
 
 # Set securityContext for the api container inside the api pod (defaults to empty but allows users to override)
 podSecurityContext: 
-  runAsNonRoot: true
+  capabilities:
+    drop:
+    - ALL  
+  allowPrivilegeEscalation: false
+
+# Set the runtime class
+runtimeClassName: