From 8b39c30dd6e43689a6bd8f3e512d7638e7cf2237 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Andr=C3=A9=20Frimberger?= <andre@intellisoft.de>
Date: Thu, 9 May 2024 10:27:14 +0200
Subject: [PATCH] feat(chart:k8up) add security context for cleanup hook
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: André Frimberger <andre@intellisoft.de>
---
 charts/k8up/Chart.yaml                  | 2 +-
 charts/k8up/templates/cleanup-hook.yaml | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/charts/k8up/Chart.yaml b/charts/k8up/Chart.yaml
index 98fea299f..abbd68303 100644
--- a/charts/k8up/Chart.yaml
+++ b/charts/k8up/Chart.yaml
@@ -6,7 +6,7 @@ keywords:
   - backup
   - operator
   - restic
-version: 4.7.0
+version: 4.8.0
 sources:
   - https://github.com/k8up-io/k8up
 maintainers:
diff --git a/charts/k8up/templates/cleanup-hook.yaml b/charts/k8up/templates/cleanup-hook.yaml
index 7133feb4e..3d752843a 100644
--- a/charts/k8up/templates/cleanup-hook.yaml
+++ b/charts/k8up/templates/cleanup-hook.yaml
@@ -81,6 +81,8 @@ spec:
     spec:
       restartPolicy: Never
       serviceAccountName: cleanup-service-account
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
       - name: "{{ .Release.Name }}-cleanup"
         image: "{{ include "cleanupImage" . }}"
@@ -99,3 +101,5 @@ spec:
               kubectl -n "$ns" delete rolebinding pod-executor-namespaced --ignore-not-found=true
               kubectl -n "$ns" delete role pod-executor --ignore-not-found=true
             done
+        securityContext:
+          {{- toYaml .Values.securityContext | nindent 12 }}