diff --git a/codegen/model/chart.go b/codegen/model/chart.go index bce91ae1..3c9d9165 100644 --- a/codegen/model/chart.go +++ b/codegen/model/chart.go @@ -98,6 +98,9 @@ type Operator struct { // // E.g: `and (.Values.operator.customValueA) (.Values.operator.customValueB)` CustomEnableCondition string + + // Optional: if specified, will use this path in rendering template logic + GlobalFloatingUserIdPath string } func (o Operator) FormattedName() string { diff --git a/codegen/templates/chart/operator-deployment.yamltmpl b/codegen/templates/chart/operator-deployment.yamltmpl index 5d8c4d62..8dba0c27 100644 --- a/codegen/templates/chart/operator-deployment.yamltmpl +++ b/codegen/templates/chart/operator-deployment.yamltmpl @@ -87,6 +87,10 @@ spec: spec: serviceAccountName: [[ $operator.Name ]] {{- /* Override the default podSecurityContext config if it is set. */}} +[[- /* the GlobalFloatingUserId is expected to disable the pod security context */ -]] +[[- if $operator.GlobalFloatingUserIdPath ]] +{{- if not [[ $operator.GlobalFloatingUserIdPath ]] }} +[[- end ]] {{- if or ([[ (opVar $operator) ]].podSecurityContext) (eq "map[]" (printf "%v" [[ (opVar $operator) ]].podSecurityContext)) }} securityContext: {{ toYaml [[ (opVar $operator) ]].podSecurityContext | indent 8 }} @@ -96,6 +100,9 @@ spec: [[ toYaml $podSecurityContext | indent 8 ]] [[- end ]] {{- end }} +[[- if $operator.GlobalFloatingUserIdPath ]] [[/* end the "if" if GlobalFloatingUserId is being checked */]] +{{- end }} +[[- end ]] [[- if $volumes ]] volumes: [[ toYaml $volumes | indent 6 ]] @@ -201,7 +208,12 @@ spec: {} {{- else}} runAsNonRoot: true + [[- /* if there is a GlobalFloatingUserIdPath add it to the runAsuser logic */ -]] + [[- if $operator.GlobalFloatingUserIdPath ]] + {{- if not (or $[[ $operatorVar ]].floatingUserId [[ $operator.GlobalFloatingUserIdPath ]]) }} + [[- else ]] {{- if not $[[ $operatorVar ]].floatingUserId }} + [[- end ]] runAsUser: {{ printf "%.0f" (float64 $[[ $operatorVar ]].runAsUser) }} {{- end }} readOnlyRootFilesystem: true