From e3ab5addb576165bfec0a98fb63fb468d0acbc9c Mon Sep 17 00:00:00 2001
From: jackhauGR <jack.hau@gresearch.co.uk>
Date: Tue, 6 May 2025 16:12:44 +0100
Subject: [PATCH 1/2] update

---
 charts/pipelines/README.md                 |  2 ++
 charts/pipelines/templates/deployment.yaml | 10 ++++++++-
 charts/pipelines/values.yaml               | 25 ++++++++++++++++++++++
 3 files changed, 36 insertions(+), 1 deletion(-)

diff --git a/charts/pipelines/README.md b/charts/pipelines/README.md
index 0e50dda..1ad2929 100644
--- a/charts/pipelines/README.md
+++ b/charts/pipelines/README.md
@@ -33,6 +33,7 @@ helm upgrade --install open-webui open-webui/pipelines
 | affinity | object | `{}` | Affinity for pod assignment |
 | annotations | object | `{}` |  |
 | clusterDomain | string | `"cluster.local"` | Value of cluster domain |
+| containerSecurityContext | object | `{}` | Configure container security context ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-containe> |
 | extraEnvVars | list | `[{"name":"PIPELINES_URLS","value":"https://github.com/open-webui/pipelines/blob/main/examples/filters/detoxify_filter_pipeline.py"}]` | Additional environments variables on the output Deployment definition. These are used to pull initial Pipeline files, and help configure Pipelines with required values (e.g. Langfuse API keys) |
 | extraEnvVars[0] | object | `{"name":"PIPELINES_URLS","value":"https://github.com/open-webui/pipelines/blob/main/examples/filters/detoxify_filter_pipeline.py"}` | Example pipeline to pull and load on deployment startup, see current pipelines here: https://github.com/open-webui/pipelines/blob/main/examples |
 | extraInitContainers | list | `[]` | Additional init containers to add to the deployment ref: <https://kubernetes.io/docs/concepts/workloads/pods/init-containers/> |
@@ -60,6 +61,7 @@ helm upgrade --install open-webui open-webui/pipelines
 | persistence.storageClass | string | `""` |  |
 | podAnnotations | object | `{}` |  |
 | podLabels | object | `{}` |  |
+| podSecurityContext | object | `{}` | Configure pod security context ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container> |
 | replicaCount | int | `1` |  |
 | resources | object | `{}` |  |
 | service.annotations | object | `{}` |  |
diff --git a/charts/pipelines/templates/deployment.yaml b/charts/pipelines/templates/deployment.yaml
index 4bb2d78..e730a47 100644
--- a/charts/pipelines/templates/deployment.yaml
+++ b/charts/pipelines/templates/deployment.yaml
@@ -43,6 +43,10 @@ spec:
       {{- if .Values.serviceAccount.enable }}
       serviceAccountName: {{ .Values.serviceAccount.name | default (include "pipelines.name" .) }}
       {{- end }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       containers:
       - name: {{ .Chart.Name }}
         {{- with .Values.image }}
@@ -55,6 +59,10 @@ spec:
         {{- with .Values.resources }}
         resources: {{- toYaml . | nindent 10 }}
         {{- end }}
+        {{- with .Values.containerSecurityContext }}
+        securityContext:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
         volumeMounts:
         - name: data
           mountPath: /app/pipelines
@@ -97,4 +105,4 @@ spec:
       {{- end }}
       {{- with .Values.volumes }}
       {{- toYaml . | nindent 6 }}
-      {{- end }}
+      {{- end }}
\ No newline at end of file
diff --git a/charts/pipelines/values.yaml b/charts/pipelines/values.yaml
index 5ee4459..de31382 100644
--- a/charts/pipelines/values.yaml
+++ b/charts/pipelines/values.yaml
@@ -46,6 +46,31 @@ serviceAccount:
   enable: true
   automountServiceAccountToken: false
 
+# -- Configure pod security context
+# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container>
+podSecurityContext:
+  {}
+  # fsGroupChangePolicy: Always
+  # sysctls: []
+  # supplementalGroups: []
+  # fsGroup: 1001
+
+# -- Configure container security context
+# ref: <https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-containe>
+containerSecurityContext:
+  {}
+  # runAsUser: 1001
+  # runAsGroup: 1001
+  # runAsNonRoot: true
+  # privileged: false
+  # allowPrivilegeEscalation: false
+  # readOnlyRootFilesystem: false
+  # capabilities:
+  #   drop:
+  #     - ALL
+  # seccompProfile:
+  #   type: "RuntimeDefault"
+
 # -- Node labels for pod assignment.
 nodeSelector: {}
 

From ac86a1bc759a63994c67be9659f29512434f9ca0 Mon Sep 17 00:00:00 2001
From: jackhauGR <jack.hau@gresearch.co.uk>
Date: Tue, 6 May 2025 17:02:32 +0100
Subject: [PATCH 2/2] updated version

---
 charts/pipelines/Chart.yaml | 2 +-
 charts/pipelines/README.md  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/charts/pipelines/Chart.yaml b/charts/pipelines/Chart.yaml
index 7a90f37..4ac60cc 100644
--- a/charts/pipelines/Chart.yaml
+++ b/charts/pipelines/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: pipelines
-version: 0.5.0
+version: 0.6.0
 appVersion: "alpha"
 
 home: https://github.com/open-webui/pipelines
diff --git a/charts/pipelines/README.md b/charts/pipelines/README.md
index 1ad2929..776abea 100644
--- a/charts/pipelines/README.md
+++ b/charts/pipelines/README.md
@@ -1,6 +1,6 @@
 # pipelines
 
-![Version: 0.5.0](https://img.shields.io/badge/Version-0.5.0-informational?style=flat-square) ![AppVersion: alpha](https://img.shields.io/badge/AppVersion-alpha-informational?style=flat-square)
+![Version: 0.6.0](https://img.shields.io/badge/Version-0.6.0-informational?style=flat-square) ![AppVersion: alpha](https://img.shields.io/badge/AppVersion-alpha-informational?style=flat-square)
 
 Pipelines: UI-Agnostic OpenAI API Plugin Framework