From f0f7ebbe9af680b338709391cf1c0da7c2270ce5 Mon Sep 17 00:00:00 2001
From: Victor Gonzalez <victorgs@users.noreply.github.com>
Date: Tue, 5 Dec 2023 04:40:39 +0100
Subject: [PATCH] helm: ability to specify security context for pod (#1311)

* helm: ability to specify security context for pod

* Update charts/descheduler/templates/cronjob.yaml

Co-authored-by: Amir Alavi <amiralavi7@gmail.com>

* Update charts/descheduler/templates/deployment.yaml

Co-authored-by: Amir Alavi <amiralavi7@gmail.com>

---------

Co-authored-by: Amir Alavi <amiralavi7@gmail.com>
---
 charts/descheduler/templates/cronjob.yaml    | 4 ++++
 charts/descheduler/templates/deployment.yaml | 4 ++++
 charts/descheduler/values.yaml               | 4 ++++
 3 files changed, 12 insertions(+)

diff --git a/charts/descheduler/templates/cronjob.yaml b/charts/descheduler/templates/cronjob.yaml
index 6a7a6b662..6fb116b10 100644
--- a/charts/descheduler/templates/cronjob.yaml
+++ b/charts/descheduler/templates/cronjob.yaml
@@ -88,6 +88,10 @@ spec:
               volumeMounts:
                 - mountPath: /policy-dir
                   name: policy-volume
+          {{- if .Values.podSecurityContext }}
+          securityContext:
+            {{- toYaml .Values.podSecurityContext | nindent 12 }}
+          {{- end }}
           volumes:
           - name: policy-volume
             configMap:
diff --git a/charts/descheduler/templates/deployment.yaml b/charts/descheduler/templates/deployment.yaml
index a00ab7bc6..73e1e2109 100644
--- a/charts/descheduler/templates/deployment.yaml
+++ b/charts/descheduler/templates/deployment.yaml
@@ -68,6 +68,10 @@ spec:
           volumeMounts:
             - mountPath: /policy-dir
               name: policy-volume
+      {{- if .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- end }}
       volumes:
         - name: policy-volume
           configMap:
diff --git a/charts/descheduler/values.yaml b/charts/descheduler/values.yaml
index 0500c3462..afc3b8ca3 100644
--- a/charts/descheduler/values.yaml
+++ b/charts/descheduler/values.yaml
@@ -32,6 +32,10 @@ securityContext:
   runAsNonRoot: true
   runAsUser: 1000
 
+# podSecurityContext -- [Security context for pod](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/)
+podSecurityContext: {}
+  # fsGroup: 1000
+
 nameOverride: ""
 fullnameOverride: ""