Add support for priorityClass and containerSecurityContext #83 (#84)

lwolf · Mar 4, 2022 · 4282443 · 4282443
1 parent 9f1c509
commit 4282443
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 1 deletion.
diff --git a/deploy/helm/kube-cleanup-operator/Chart.yaml b/deploy/helm/kube-cleanup-operator/Chart.yaml
@@ -3,7 +3,7 @@ apiVersion: v2
 name: kube-cleanup-operator
 description: Kubernetes Operator to automatically delete completed Jobs and their Pods
 type: application
-version: 1.0.1
+version: 1.0.2
 appVersion: v0.8.1
 keywords:
 - kubernetes

diff --git a/deploy/helm/kube-cleanup-operator/README.md b/deploy/helm/kube-cleanup-operator/README.md
@@ -21,6 +21,7 @@ Kubernetes Operator to automatically delete completed Jobs and their Pods
 | args[4] | string | `"--delete-evicted-pods-after=60m"` |  |
 | args[5] | string | `"--delete-orphaned-pods-after=60m"` |  |
 | args[6] | string | `"--legacy-mode=false"` |  |
+| containerSecurityContext | string | `nil` |  |
 | envVariables | list | `[]` |  |
 | image.pullPolicy | string | `"IfNotPresent"` |  |
 | image.repository | string | `"quay.io/lwolf/kube-cleanup-operator"` |  |
@@ -31,6 +32,7 @@ Kubernetes Operator to automatically delete completed Jobs and their Pods
 | nodeSelector | object | `{}` |  |
 | podAnnotations | object | `{}` |  |
 | podLabels | object | `{}` |  |
+| priorityClassName | string | `nil` |  |
 | rbac.create | bool | `true` |  |
 | readinessProbe.failureThreshold | int | `3` |  |
 | readinessProbe.httpGet.path | string | `"/metrics"` |  |

diff --git a/deploy/helm/kube-cleanup-operator/templates/deployment.yaml b/deploy/helm/kube-cleanup-operator/templates/deployment.yaml
@@ -63,6 +63,9 @@ spec:
           {{- with .Values.resources }}
           resources: {{ toYaml . | nindent 12 }}
           {{- end }}
+          {{- with .Values.containerSecurityContext }}
+          securityContext: {{ toYaml . | nindent 8 }}
+          {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector: {{ toYaml . | nindent 8 }}
       {{- end }}
@@ -76,3 +79,6 @@ spec:
       {{- with .Values.securityContext }}
       securityContext: {{ toYaml . | nindent 8 }}
       {{- end }}
+      {{- if .Values.priorityClassName }}
+      priorityClassName: {{ .Values.priorityClassName }}
+      {{- end}}
diff --git a/deploy/helm/kube-cleanup-operator/values.yaml b/deploy/helm/kube-cleanup-operator/values.yaml
@@ -79,6 +79,17 @@ affinity: {}
 securityContext:
   # runAsUser: 65534  # run as nobody user
 
+# Security context settings at the container level
+containerSecurityContext: 
+  # runAsUser: 65534
+  # runAsNonRoot: true
+  # allowPrivilegeEscalation: false
+  # readOnlyRootFilesystem: true
+
+# Existing Priority class name to be used for the pod
+priorityClassName:
+  # addons-priority
+
 serviceAccount:
   # Specifies whether a ServiceAccount should be created
   create: true