From c7ddd654488225c3d30d4ae66c23708e5093cb49 Mon Sep 17 00:00:00 2001
From: AshutoshNirkhe
Date: Mon, 28 Feb 2022 18:52:57 +0530
Subject: [PATCH] Add support for priorityClass and containerSecurityContext #83
---
 deploy/helm/kube-cleanup-operator/Chart.yaml | 2 +-
 deploy/helm/kube-cleanup-operator/README.md | 2 ++
 .../kube-cleanup-operator/templates/deployment.yaml | 6 ++++++
 deploy/helm/kube-cleanup-operator/values.yaml | 11 +++++++++++
 4 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/deploy/helm/kube-cleanup-operator/Chart.yaml b/deploy/helm/kube-cleanup-operator/Chart.yaml
index 3f101c22..91967f30 100644
--- a/deploy/helm/kube-cleanup-operator/Chart.yaml
+++ b/deploy/helm/kube-cleanup-operator/Chart.yaml
@@ -3,7 +3,7 @@ apiVersion: v2
 name: kube-cleanup-operator
 description: Kubernetes Operator to automatically delete completed Jobs and their Pods
 type: application
-version: 1.0.1
+version: 1.0.2
 appVersion: v0.8.1
 keywords:
 - kubernetes
diff --git a/deploy/helm/kube-cleanup-operator/README.md b/deploy/helm/kube-cleanup-operator/README.md
index dff717df..5d6ea33e 100644
--- a/deploy/helm/kube-cleanup-operator/README.md
+++ b/deploy/helm/kube-cleanup-operator/README.md
@@ -21,6 +21,7 @@ Kubernetes Operator to automatically delete completed Jobs and their Pods
 | args[4] | string | `"--delete-evicted-pods-after=60m"` | |
 | args[5] | string | `"--delete-orphaned-pods-after=60m"` | |
 | args[6] | string | `"--legacy-mode=false"` | |
+| containerSecurityContext | string | `nil` | |
 | envVariables | list | `[]` | |
 | image.pullPolicy | string | `"IfNotPresent"` | |
 | image.repository | string | `"quay.io/lwolf/kube-cleanup-operator"` | |
@@ -31,6 +32,7 @@ Kubernetes Operator to automatically delete completed Jobs and their Pods | nodeSelector | object | `{}` | | | podAnnotations | object | `{}` | | | podLabels | object | `{}` | | +| priorityClassName | string | `nil` | | | rbac.create | bool | `true` | | | readinessProbe.failureThreshold | int | `3` | | | readinessProbe.httpGet.path | string | `"/metrics"` | | diff --git a/deploy/helm/kube-cleanup-operator/templates/deployment.yaml b/deploy/helm/kube-cleanup-operator/templates/deployment.yaml index aeb69c3a..941fb6e6 100644 --- a/deploy/helm/kube-cleanup-operator/templates/deployment.yaml +++ b/deploy/helm/kube-cleanup-operator/templates/deployment.yaml @@ -63,6 +63,9 @@ spec: {{- with .Values.resources }} resources: {{ toYaml . | nindent 12 }} {{- end }} + {{- with .Values.containerSecurityContext }} + securityContext: {{ toYaml . | nindent 8 }} + {{- end }} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | nindent 8 }} {{- end }} @@ -76,3 +79,6 @@ spec: {{- with .Values.securityContext }} securityContext: {{ toYaml . | nindent 8 }} {{- end }} + {{- if .Values.priorityClassName }} + priorityClassName: {{ .Values.priorityClassName }} + {{- end}} diff --git a/deploy/helm/kube-cleanup-operator/values.yaml b/deploy/helm/kube-cleanup-operator/values.yaml index 8cb0b64c..ed4eeac9 100644 --- a/deploy/helm/kube-cleanup-operator/values.yaml +++ b/deploy/helm/kube-cleanup-operator/values.yaml @@ -79,6 +79,17 @@ affinity: {} securityContext: # runAsUser: 65534 # run as nobody user +# Security context settings at the container level +containerSecurityContext: + # runAsUser: 65534 + # runAsNonRoot: true + # allowPrivilegeEscalation: false + # readOnlyRootFilesystem: true + +# Existing Priority class name to be used for the pod +priorityClassName: + # addons-priority + serviceAccount: # Specifies whether a ServiceAccount should be created create: true
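Review bot: The new container-level `securityContext` in the `@@ -63,6 +63,9 @@` hunk of templates/deployment.yaml is rendered with `nindent 8`, while the `resources` key directly above it in the same container uses `nindent 12`; `nindent 8` is the depth used by the pod-level `nodeSelector` and `securityContext` keys. Leading whitespace is not recoverable in this view, but if the added key sits at the container's indentation, any non-empty `containerSecurityContext` renders its fields to the left of their key, so the manifest either fails to parse or the hardening never reaches the container. The line should read `securityContext: {{ toYaml . | nindent 12 }}`, and rendering the chart with the value set would confirm the output. The container spec starts before this hunk.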
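Review bot: In the `@@ -76,3 +79,6 @@` hunk of templates/deployment.yaml, `priorityClassName: {{ .Values.priorityClassName }}` emits the value unquoted, so a name that YAML reads as a boolean or number, or one starting with a YAML indicator character, changes type or breaks the rendered manifest. `priorityClassName: {{ .Values.priorityClassName | quote }}` keeps it a string. The closing `{{- end}}` also lacks the space before `}}` that the other `{{- end }}` lines in this hunk use.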
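Review bot: In values.yaml, `containerSecurityContext:` and `priorityClassName:` are bare keys followed only by comments, so both load as null; this is presumably why the README table in this commit lists `containerSecurityContext` as `string | nil` although it is a mapping. Writing `containerSecurityContext: {}` and `priorityClassName: ""` states the intended types and keeps the template guards working. Because every hardening field is commented out, a default install still runs the container without `runAsNonRoot: true`, `allowPrivilegeEscalation: false` or `readOnlyRootFilesystem: true`. Consider shipping as enabled defaults whichever of these the operator image is confirmed to tolerate, and leaving the rest documented as opt-in.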