From 92dd1bd8b08c5173f72a6c333f626c63aa05a1d3 Mon Sep 17 00:00:00 2001
From: ChristianBieri1995
 <122007149+ChristianBieri1995@users.noreply.github.com>
Date: Fri, 14 Jun 2024 10:05:24 +0200
Subject: [PATCH] feat: add spec.template.spec.securityContext  (#1109)

* feat: add spec.template.spec.securityContext

Signed-off-by: ChristianBieri1995 <122007149+ChristianBieri1995@users.noreply.github.com>

* make securityContext adjustable

Signed-off-by: ChristianBieri1995 <122007149+ChristianBieri1995@users.noreply.github.com>

* adjust values.yaml accordingly to enable adjustable securityContext

Signed-off-by: ChristianBieri1995 <122007149+ChristianBieri1995@users.noreply.github.com>

* Remove default values from securityContext

Signed-off-by: ChristianBieri1995 <122007149+ChristianBieri1995@users.noreply.github.com>

---------

Signed-off-by: ChristianBieri1995 <122007149+ChristianBieri1995@users.noreply.github.com>
Co-authored-by: Aris Boutselis <arisboutselis08@gmail.com>
Co-authored-by: Alex Jones <alexsimonjones@gmail.com>
---
 charts/k8sgpt/templates/deployment.yaml | 4 ++++
 charts/k8sgpt/values.yaml               | 5 ++++-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/charts/k8sgpt/templates/deployment.yaml b/charts/k8sgpt/templates/deployment.yaml
index 4fa0470552..39219f7b90 100644
--- a/charts/k8sgpt/templates/deployment.yaml
+++ b/charts/k8sgpt/templates/deployment.yaml
@@ -21,6 +21,10 @@ spec:
         app.kubernetes.io/name: {{ include "k8sgpt.name" . }}
         app.kubernetes.io/instance: {{ .Release.Name }}
     spec:
+      {{- if .Values.deployment.securityContext }}
+      securityContext:
+        {{- toYaml .Values.deployment.securityContext | nindent 8 }}
+      {{ end -}}
       serviceAccountName: {{ template "k8sgpt.fullname" . }}
       containers:
       - name: k8sgpt-container
diff --git a/charts/k8sgpt/values.yaml b/charts/k8sgpt/values.yaml
index ed855a2d6b..7a48bd1360 100644
--- a/charts/k8sgpt/values.yaml
+++ b/charts/k8sgpt/values.yaml
@@ -14,7 +14,10 @@ deployment:
     requests:
       cpu: "0.2"
       memory: "156Mi"
-
+  securityContext: {}
+  # Set securityContext.runAsUser/runAsGroup if necessary. Values below were taken from https://github.com/k8sgpt-ai/k8sgpt/blob/main/container/Dockerfile
+  # runAsUser: 65532
+  # runAsGroup: 65532
 secret:
   secretKey: "" # base64 encoded OpenAI token