From a5efe7d6412d0cbb61083d4219e048ce1aaabfc9 Mon Sep 17 00:00:00 2001
From: nlopatin
Date: Tue, 11 Jul 2023 07:33:47 +0000
Subject: [PATCH] securityContext support
---
 charts/cp-kafka-connect/README.md | 7 +++++++
 charts/cp-kafka-connect/templates/deployment.yaml | 5 +++++
 charts/cp-kafka-connect/values.yaml | 10 ++++++++++
 3 files changed, 22 insertions(+)
diff --git a/charts/cp-kafka-connect/README.md b/charts/cp-kafka-connect/README.md
index f3b2fd81..80529d67 100644
--- a/charts/cp-kafka-connect/README.md
+++ b/charts/cp-kafka-connect/README.md
@@ -97,6 +97,13 @@ The configuration parameters in this section control the resources requested and
 | `imagePullPolicy` | Docker Image Tag of Confluent Kafka Connect. | `IfNotPresent` |
 | `imagePullSecrets` | Secrets to be used for private registries. | see [values.yaml](values.yaml) for details |
 
+### Security Context
+
+ Parameter | Description | Default |
+| --------- | ----------- | ------- |
+| `podSecurityContext` | securityContext for Pod [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) | `{}`
+| `securityContext`| Security Context for container [Kubernetes documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) | `{}`
+
 ### Port
 
 | Parameter | Description | Default |
diff --git a/charts/cp-kafka-connect/templates/deployment.yaml b/charts/cp-kafka-connect/templates/deployment.yaml
index 4582f4ac..316a4e44 100644
--- a/charts/cp-kafka-connect/templates/deployment.yaml
+++ b/charts/cp-kafka-connect/templates/deployment.yaml
@@ -33,6 +33,8 @@ spec:
 {{- end }}
 {{- end }}
 spec:
+ securityContext:
+ {{- toYaml .Values.podSecurityContext | nindent 8 }}
 containers:
 {{- if .Values.prometheus.jmx.enabled }}
 - name: prometheus-jmx-exporter
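Review bot: The container-level `securityContext` is wired only into the container that uses `.Values.resources` (the second deployment.yaml hunk), so the `prometheus-jmx-exporter` sidecar visible at the end of this hunk receives nothing beyond the pod-level `podSecurityContext`. Fields such as `capabilities` and `allowPrivilegeEscalation` exist only at container level, so an operator who sets `securityContext.capabilities.drop: [ALL]` still runs the sidecar with the runtime's default capabilities. A namespace enforcing the restricted Pod Security Standard would presumably reject the pod whenever `prometheus.jmx.enabled` is true. I would render the same pair of lines under the sidecar, `securityContext:` followed by `{{- toYaml .Values.securityContext | nindent 12 }}`, or give the sidecar its own value. The sidecar's definition continues outside the hunk, so confirm it does not already set one.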
@@ -69,6 +71,9 @@ spec:
 {{- end }}
 resources:
 {{ toYaml .Values.resources | indent 12 }}
+
+ securityContext:
+ {{- toYaml .Values.securityContext | nindent 12 }}
 env:
 - name: CONNECT_REST_ADVERTISED_HOST_NAME
 valueFrom:
diff --git a/charts/cp-kafka-connect/values.yaml b/charts/cp-kafka-connect/values.yaml
index ff2cad6c..7491eccd 100644
--- a/charts/cp-kafka-connect/values.yaml
+++ b/charts/cp-kafka-connect/values.yaml
@@ -133,3 +133,13 @@ livenessProbe:
 # initialDelaySeconds: 30
 # periodSeconds: 5
 # failureThreshold: 10
+
+podSecurityContext: {}
+ # runAsUser: 1000
+
+securityContext: {}
+ # capabilities:
+ # drop:
+ # - ALL
+ # runAsNonRoot: true
+ # runAsUser: 1000
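Review bot: In the values.yaml hunk both `podSecurityContext` and `securityContext` default to `{}`, so an unmodified install applies no hardening and runs with whatever user and capabilities the image and runtime provide; nothing in the file says so. I would put a comment above the two keys, for example `# Empty by default: no restrictions are applied unless you set them.` The commented container example also stops short of the settings usually paired with dropping all capabilities; adding `# allowPrivilegeEscalation: false` there, and `# seccompProfile:` with `#   type: RuntimeDefault` under `podSecurityContext`, would give operators a fuller starting point. Whether the image runs cleanly as UID 1000 with `runAsNonRoot: true` is not visible from this patch and is worth confirming before the example is documented as working.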