add GlobalFloatingUserIdPath

codegen/model/chart.go

@@ -98,6 +98,9 @@ type Operator struct {
 	//
 	// E.g: `and (.Values.operator.customValueA) (.Values.operator.customValueB)`
 	CustomEnableCondition string
+
+	// Optional: if specified, will use this path in rendering template logic
+	GlobalFloatingUserIdPath string
 }
 
 func (o Operator) FormattedName() string {

codegen/templates/chart/operator-deployment.yamltmpl

@@ -87,6 +87,10 @@ spec:
     spec:
       serviceAccountName: [[ $operator.Name ]]
       {{- /* Override the default podSecurityContext config if it is set. */}}
+[[- /* the GlobalFloatingUserId is expected to disable the pod security context */ -]]
+[[- if $operator.GlobalFloatingUserIdPath ]]
+{{- if not [[ $operator.GlobalFloatingUserIdPath ]] }}
+[[- end ]]
 {{- if or ([[ (opVar $operator) ]].podSecurityContext) (eq "map[]" (printf "%v" [[ (opVar $operator) ]].podSecurityContext)) }}
       securityContext:
 {{ toYaml [[ (opVar $operator) ]].podSecurityContext | indent 8 }}
@@ -96,6 +100,9 @@ spec:
 [[ toYaml $podSecurityContext | indent 8 ]]
 [[- end ]]
 {{- end }}
+[[- if $operator.GlobalFloatingUserIdPath ]] [[/* end the "if" if GlobalFloatingUserId is being checked */]]
+{{- end }}
+[[- end ]]
 [[- if $volumes ]]
       volumes:
 [[ toYaml $volumes | indent 6 ]]
@@ -201,7 +208,12 @@ spec:
           {}
 {{- else}}
           runAsNonRoot: true
+          [[- /* if there is a GlobalFloatingUserIdPath add it to the runAsuser logic */ -]]
+          [[- if $operator.GlobalFloatingUserIdPath ]]
+          {{- if not (or $[[ $operatorVar ]].floatingUserId [[ $operator.GlobalFloatingUserIdPath ]]) }}
+          [[- else ]]
           {{- if not $[[ $operatorVar ]].floatingUserId }}
+          [[- end ]]
           runAsUser: {{ printf "%.0f" (float64 $[[ $operatorVar ]].runAsUser) }}
           {{- end }}
           readOnlyRootFilesystem: true