From b3c81a0a384ddd0d262605aaba8b6ed59eab7492 Mon Sep 17 00:00:00 2001
From: GONCALO MARQUES <9379664+gonmmarques@users.noreply.github.com>
Date: Mon, 4 Nov 2024 17:03:33 +0000
Subject: [PATCH] feat: Move pod security context to manager
---
charts/k6-operator/README.md | 4 +++-
charts/k6-operator/templates/deployment.yaml | 4 ++--
charts/k6-operator/values.schema.json | 6 ++++++
charts/k6-operator/values.yaml | 15 ++++++++-------
4 files changed, 19 insertions(+), 10 deletions(-)
diff --git a/charts/k6-operator/README.md b/charts/k6-operator/README.md
index 179b58df..e268d738 100644
--- a/charts/k6-operator/README.md
+++ b/charts/k6-operator/README.md
@@ -40,7 +40,7 @@ Kubernetes: `>=1.16.0-0`
 | global.image.pullSecrets | list | `[]` | Optional set of global image pull secrets |
 | global.image.registry | string | `""` | Global image registry to use if it needs to be overridden for some specific use cases (e.g local registries, custom images, ...) |
 | installCRDs | bool | `true` | Installs CRDs as part of the release |
-| manager | object | `{"containerSecurityContext":{},"env":[],"envFrom":[],"image":{"pullPolicy":"IfNotPresent","registry":"ghcr.io","repository":"grafana/k6-operator","tag":"controller-v0.0.17"},"livenessProbe":{},"readinessProbe":{},"replicas":1,"resources":{"limits":{"cpu":"100m","memory":"100Mi"},"requests":{"cpu":"100m","memory":"50Mi"}},"serviceAccount":{"create":true,"name":"k6-operator-controller"}}` | controller-manager configuration |
+| manager | object | `{"containerSecurityContext":{},"env":[],"envFrom":[],"image":{"pullPolicy":"IfNotPresent","registry":"ghcr.io","repository":"grafana/k6-operator","tag":"controller-v0.0.17"},"livenessProbe":{},"podSecurityContext":{},"readinessProbe":{},"replicas":1,"resources":{"limits":{"cpu":"100m","memory":"100Mi"},"requests":{"cpu":"100m","memory":"50Mi"}},"serviceAccount":{"create":true,"name":"k6-operator-controller"}}` | controller-manager configuration |
 | manager.containerSecurityContext | object | `{}` | A security context defines privileges and access control settings for the container. |
 | manager.env | list | `[]` | List of environment variables to set in the controller |
 | manager.envFrom | list | `[]` | List of sources to populate environment variables in the controller |
@@ -49,6 +49,7 @@ Kubernetes: `>=1.16.0-0`
 | manager.image.repository | string | `"grafana/k6-operator"` | controller-manager image repository |
 | manager.image.tag | string | `"controller-v0.0.17"` | controller-manager image tag |
 | manager.livenessProbe | object | `{}` | Liveness probe in Probe format |
+| manager.podSecurityContext | object | `{}` | A security context defines privileges and access control settings for a Pod |
 | manager.readinessProbe | object | `{}` | Readiness probe in Probe format |
 | manager.replicas | int | `1` | number of controller-manager replicas (default: 1) |
 | manager.resources | object | `{"limits":{"cpu":"100m","memory":"100Mi"},"requests":{"cpu":"100m","memory":"50Mi"}}` | controller-manager Resources definition |
@@ -67,3 +68,4 @@ Kubernetes: `>=1.16.0-0`
 | podLabels | object | `{}` | Custom Label to be applied on all pods |
 | prometheus.enabled | bool | `false` | enables the prometheus metrics scraping (default: false) |
 | tolerations | list | `[]` | Tolerations to be applied on all containers |
+
diff --git a/charts/k6-operator/templates/deployment.yaml b/charts/k6-operator/templates/deployment.yaml
index 9edb1873..c8eb6614 100644
--- a/charts/k6-operator/templates/deployment.yaml
+++ b/charts/k6-operator/templates/deployment.yaml
@@ -26,9 +26,9 @@ spec:
 {{- include "k6-operator.podAnnotations" . | default "" | nindent 8 }}
 {{- end }}
 spec:
- {{- if .Values.global.podSecurityContext }}
+ {{- if .Values.manager.podSecurityContext }}
 securityContext:
- {{- toYaml .Values.global.podSecurityContext | nindent 8 }}
+ {{- toYaml .Values.manager.podSecurityContext | nindent 8 }}
 {{- end }}
 containers:
 - name: manager
diff --git a/charts/k6-operator/values.schema.json b/charts/k6-operator/values.schema.json
index 6e6457db..f153c2af 100644
--- a/charts/k6-operator/values.schema.json
+++ b/charts/k6-operator/values.schema.json
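Review bot: In templates/deployment.yaml the `if` now reads only `.Values.manager.podSecurityContext`, so a release that still sets `global.podSecurityContext` will, unless the values schema rejects the old key, render the manager pod with no pod-level `securityContext` after an upgrade and give no warning. That silently drops settings such as `runAsNonRoot` or a seccomp profile that an operator had in place. Either keep a fallback for a release, `{{- with .Values.manager.podSecurityContext | default .Values.global.podSecurityContext }}` with `{{- toYaml . | nindent 8 }}` under `securityContext:`, or fail rendering when the old key is set, and mark the rename as breaking in the release notes. The pod spec continues outside the hunk.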
@@ -179,6 +179,12 @@ "title": "livenessProbe", "type": "object" }, + "podSecurityContext": { + "additionalProperties": true, + "description": "manager.podSecurityContext -- A security context defines privileges and access control settings for a Pod", + "title": "podSecurityContext", + "type": "object" + }, "readinessProbe": { "additionalProperties": true, "description": "manager.readinessProbe -- Readiness probe in Probe format", diff --git a/charts/k6-operator/values.yaml b/charts/k6-operator/values.yaml index 04e5e5b1..7d4e9d22 100644 --- a/charts/k6-operator/values.yaml +++ b/charts/k6-operator/values.yaml @@ -23,13 +23,6 @@ global: # global.image.pullSecrets -- Optional set of global image pull secrets pullSecrets: [] - # @schema - # required: false - # type: object - # @schema - # global.podSecurityContext -- A security context defines privileges and access control settings for a Pod - podSecurityContext: {} - # @schema # additionalProperties: true # required: false @@ -331,3 +324,11 @@ manager: # @schema # manager.containerSecurityContext -- A security context defines privileges and access control settings for the container. containerSecurityContext: {} + + # @schema + # additionalProperties: true + # required: false + # type: object + # @schema + # manager.podSecurityContext -- A security context defines privileges and access control settings for a pod. + podSecurityContext: {}
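Review bot: The new `manager.podSecurityContext` comment in values.yaml ends "…settings for a pod." while the README row and the values.schema.json description in this same patch read "…settings for a Pod", so the generated files appear not to have been regenerated from the final comment (the `@schema` markers suggest they are derived from it); regenerate them or align the wording. The default stays `{}`, which leaves the manager pod without any pod-level security context unless the operator supplies one. The comment would be more useful with a commented example of a restrictive setting, for instance `# runAsNonRoot: true` and `# seccompProfile: {type: RuntimeDefault}`, so users can see what to put there.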