From 3110da73e943e70fac8af92260c42624caf20370 Mon Sep 17 00:00:00 2001
From: bakito <github@bakito.ch>
Date: Wed, 27 Nov 2024 13:35:03 +0100
Subject: [PATCH] feat(deploy) Allow setting
 resources/podLabels/podAnnotations/podSecurityContext/securityContext in
 operator chart

Signed-off-by: bakito <github@bakito.ch>
---
 deployments/helm/KubeArmorOperator/README.md  |  5 +++++
 .../templates/deployment.yaml                 | 19 +++++++++++++++++++
 .../helm/KubeArmorOperator/values.yaml        |  6 ++++++
 3 files changed, 30 insertions(+)

diff --git a/deployments/helm/KubeArmorOperator/README.md b/deployments/helm/KubeArmorOperator/README.md
index b16c2b4c8c..a15185a3f8 100644
--- a/deployments/helm/KubeArmorOperator/README.md
+++ b/deployments/helm/KubeArmorOperator/README.md
@@ -23,6 +23,11 @@ helm upgrade --install kubearmor-operator . -n kubearmor --create-namespace
 | kubearmorOperator.image.repository | string | kubearmor/kubearmor-operator | image repository to pull KubeArmorOperator from |
 | kubearmorOperator.image.tag | string | latest | KubeArmorOperator image tag |
 | kubearmorOperator.imagePullPolicy | string | IfNotPresent | pull policy for operator image |
+| kubearmorOperator.podLabels | object | {} | additional pod labels |
+| kubearmorOperator.podAnnotations | object | {} | additional pod annotations |
+| kubearmorOperator.resources | object | {} | operator container resources |
+| kubearmorOperator.podSecurityContext | object | {} | pod security context |
+| kubearmorOperator.securityContext | object | {} | operator container security context |
 | kubearmorConfig | object | [values.yaml](values.yaml) | KubeArmor default configurations |
 | autoDeploy | bool | false | Auto deploy KubeArmor with default configurations |
 
diff --git a/deployments/helm/KubeArmorOperator/templates/deployment.yaml b/deployments/helm/KubeArmorOperator/templates/deployment.yaml
index 9a117a1b76..fa32a9314b 100644
--- a/deployments/helm/KubeArmorOperator/templates/deployment.yaml
+++ b/deployments/helm/KubeArmorOperator/templates/deployment.yaml
@@ -13,7 +13,18 @@ spec:
     metadata:
       labels:
         kubearmor-app: {{ .Values.kubearmorOperator.name }}
+      {{- with .Values.kubearmorOperator.podLabels }}
+        {{- . | toYaml | nindent 8 }}
+      {{- end }}
+      {{- with .Values.kubearmorOperator.podAnnotations }}
+      annotations:
+        {{- . | toYaml | nindent 8 }}
+      {{- end }}
     spec:
+      {{- with .Values.kubearmorOperator.podSecurityContext }}
+      securityContext:
+            {{- toYaml . | nindent 8 }}
+      {{- end }}
       containers:
       - name: {{ .Values.kubearmorOperator.name }}
         env:
@@ -35,6 +46,14 @@ spec:
         {{- toYaml .Values.kubearmorOperator.args | trim | nindent 8 }}
         {{- end }}
         {{- end }}
+        {{- with .Values.kubearmorOperator.securityContext }}
+        securityContext:
+              {{- toYaml . | nindent 10 }}
+        {{- end }}
+        {{- with .Values.kubearmorOperator.resources }}
+        resources:
+          {{- toYaml . | nindent 10 }}
+        {{- end }}
 
       serviceAccountName: {{ .Values.kubearmorOperator.name }}
   
diff --git a/deployments/helm/KubeArmorOperator/values.yaml b/deployments/helm/KubeArmorOperator/values.yaml
index b54582d81b..bceb1ce45b 100644
--- a/deployments/helm/KubeArmorOperator/values.yaml
+++ b/deployments/helm/KubeArmorOperator/values.yaml
@@ -36,6 +36,12 @@ kubearmorOperator:
   args:
     - "--initDeploy=true"
 
+  resources: {}
+  podLabels: {}
+  podAnnotations: {}
+  podSecurityContext: {}
+  securityContext: {}
+
 kubearmorConfig:
   defaultCapabilitiesPosture: audit
   defaultFilePosture: audit