From 887c4527b5cfb371d2c72c323cdd3447f663492d Mon Sep 17 00:00:00 2001
From: germaino <olivier.germain1212@gmail.com>
Date: Wed, 1 Mar 2023 21:42:35 +0100
Subject: [PATCH] Missing pod annotation and security constraint in helm chart
 (#356)

Add option to add pod annotation and pod security constraint
in helm charts

Change-Id: I1fc7d7d2ca60411439669921fb6a353bb001225a

Co-authored-by: Olivier Germain <olivier.germain@schneider-electric.com>
---
 chart/docker-auth/Chart.yaml                |  2 +-
 chart/docker-auth/templates/deployment.yaml | 17 +++++++++++++++++
 chart/docker-auth/values.yaml               | 10 ++++++++++
 3 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/chart/docker-auth/Chart.yaml b/chart/docker-auth/Chart.yaml
index 432d4ef8..42c0a4df 100644
--- a/chart/docker-auth/Chart.yaml
+++ b/chart/docker-auth/Chart.yaml
@@ -2,7 +2,7 @@ apiVersion: v2
 appVersion: "1.8.0"
 description: Docker Registry V2 authentication server
 name: docker-auth
-version: 1.3.0
+version: 1.4.0
 keywords:
 - docker
 - registry
diff --git a/chart/docker-auth/templates/deployment.yaml b/chart/docker-auth/templates/deployment.yaml
index 83cb946d..26901b38 100755
--- a/chart/docker-auth/templates/deployment.yaml
+++ b/chart/docker-auth/templates/deployment.yaml
@@ -20,10 +20,27 @@ spec:
         app.kubernetes.io/instance: {{ .Release.Name }}
       annotations:
         checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}        
+    {{- if .Values.podAnnotations }}
+      {{- range $key, $value := .Values.podAnnotations }}
+        {{ $key }}: {{ $value | quote }}
+      {{- end }}
+    {{- end }}
     spec:
+  {{- if .Values.podSecurityContext }}
+    {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+  {{- end }}
       containers:
         - name: {{ .Chart.Name }}
           image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+      {{- if .Values.containerSecurityContext }}
+        {{- with .Values.containerSecurityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+        {{- end }}
+      {{- end }}
           args: ["--v={{ .Values.logging.level }}", "-logtostderr", "/config/auth_config.yml"]
           volumeMounts:
           - name: {{ include "docker-auth.name" . }}-config
diff --git a/chart/docker-auth/values.yaml b/chart/docker-auth/values.yaml
index d6208857..caa2b169 100644
--- a/chart/docker-auth/values.yaml
+++ b/chart/docker-auth/values.yaml
@@ -78,3 +78,13 @@ nodeSelector: {}
 tolerations: []
 
 affinity: {}
+
+# podAnnotations to use for the deployment. Optional
+podAnnotations: {}
+
+# SecurityContext at container level to use for the deployment. Optional
+containerSecurityContext: {}
+
+# SecurityContext at pod level to use for the deployment. Optional
+podSecurityContext: {}
+