feat: add podAnnotations and add dsAnnotation configurable

close #193

Signed-off-by: Christian Kotzbauer <git@ckotzbauer.de>

charts/access-manager/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 description: Kubernetes-Operator to simplify RBAC configurations
 name: access-manager
-version: 0.14.0
+version: 0.14.1
 appVersion: 0.13.0
 home: https://github.com/ckotzbauer/access-manager
 sources:

charts/access-manager/README.md

@@ -50,6 +50,7 @@ The following table lists the configurable parameters of the Access-Manager char
 | `podAnnotations`                       | annotations to add to each pod                    | `{}`                                  |
 | `priorityClassName`                    | priority class name for the pod                   | `""`                                  |
 | `resources`                            | pod resource requests & limits                    | See [values.yaml](values.yaml)        |
+| `podSecurityContext`                   | pod securityContext                               | See [values.yaml](values.yaml)        |
 | `securityContext`                      | container securityContext                         | See [values.yaml](values.yaml)        |
 | `serviceAccount.create`	             | Should we create a ServiceAccount	             | `true`                                |
 | `serviceAccount.name`		             | Name of the ServiceAccount to use                 | null                                  |

charts/access-manager/templates/deployment.yaml

@@ -49,5 +49,9 @@ spec:
     {{- end }}
     {{- with .Values.tolerations }}
       tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.podSecurityContext }}
+      securityContext:
 {{ toYaml . | indent 8 }}
     {{- end }}

charts/access-manager/values.yaml

@@ -21,6 +21,8 @@ resources:
     cpu: 50m
     memory: 128Mi
 
+podSecurityContext: {}
+
 securityContext:
   privileged: false
   runAsUser: 1001

charts/cadvisor/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 description: A chart for a Cadvisor deployment
 name: cadvisor
-version: 2.3.2
+version: 2.3.3
 appVersion: 0.49.1
 home: https://github.com/google/cadvisor
 sources:

charts/cadvisor/README.md

@@ -60,6 +60,7 @@ The following table lists the configurable parameters of the cAdvisor chart and
 | `resources`                    | pod resource requests & limits                   | `{}`                       |
 | `serviceAccount.create`        | create a own serviceAccount for the pod          | `true`                     |
 | `serviceAccount.name`          | name of the serviceAccount to create             | `""`                       |
+| `daemonsetAnnotations`         | annotations for the daemonset                    | `{}`                       |
 | `podAnnotations`               | annotations for the daemonset pods               | `{}`                       |
 | `podLabels`                    | labels for the daemonset pods                    | `{}`                       |
 | `priorityClassName`            | priority classes name for the pod                | `{}`                       |

charts/cadvisor/templates/daemonset.yaml

@@ -3,8 +3,10 @@ kind: DaemonSet
 metadata:
   name: {{ template "cadvisor.name" . }}
   namespace: {{ .Release.Namespace }}
+  {{- with .Values.daemonsetAnnotations }}
   annotations:
-      seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
+{{ toYaml . | indent 4 }}
+  {{- end }}
   labels:
     app: {{ template "cadvisor.name" . }}
     chart: {{ template "cadvisor.chart" . }}

charts/cadvisor/values.yaml

@@ -50,6 +50,9 @@ resources: {}
 podAnnotations: {}
 podLabels: {}
 
+daemonsetAnnotations:
+  seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
+
 # priorityClassName: system-cluster-critical
 priorityClassName: {}
 

charts/sbom-operator/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 description: Catalogue all images of a Kubernetes cluster to multiple targets with Syft
 name: sbom-operator
-version: 0.33.0
+version: 0.33.1
 appVersion: 0.32.0
 home: https://github.com/ckotzbauer/sbom-operator
 sources:

charts/sbom-operator/README.md

@@ -42,6 +42,7 @@ The following table lists the configurable parameters of the sbom-operator chart
 | `podAnnotations`                       | annotations to add to each pod                    | `{}`                                     |
 | `priorityClassName`                    | priority class name for the pod                   | `""`                                     |
 | `resources`                            | pod resource requests & limits                    | See [values.yaml](values.yaml)           |
+| `podSecurityContext`                   | pod securityContext                               | See [values.yaml](values.yaml)        |
 | `securityContext`                      | container securityContext                         | See [values.yaml](values.yaml)           |
 | `serviceAccount.create`                | Should we create a ServiceAccount                 | `true`                                   |
 | `serviceAccount.name`                  | Name of the ServiceAccount to use                 | null                                     |

charts/sbom-operator/templates/deployment.yaml

@@ -99,5 +99,9 @@ spec:
     {{- end }}
     {{- with .Values.tolerations }}
       tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.podSecurityContext }}
+      securityContext:
 {{ toYaml . | indent 8 }}
     {{- end }}

charts/sbom-operator/values.yaml

@@ -26,6 +26,8 @@ resources: {}
 #    cpu: 100m
 #    memory: 100Mi
 
+podSecurityContext: {}
+
 securityContext:
   privileged: false
   runAsUser: 1001

charts/vulnerability-operator/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 description: Scans SBOMs for vulnerabilities
 name: vulnerability-operator
-version: 0.25.0
+version: 0.25.1
 appVersion: 0.23.0
 home: https://github.com/ckotzbauer/vulnerability-operator
 sources:

charts/vulnerability-operator/README.md

@@ -46,6 +46,7 @@ The following table lists the configurable parameters of the vulnerability-opera
 | `resources`                            | pod resource requests & limits                    | See [values.yaml](values.yaml)                |
 | `extraVolumes`                         | Extra volumes (needed for GithubApp PK).          | `[]`                                          |
 | `extraVolumeMounts`                    | Extra volume mounts                               | `[]`                                          |
+| `podSecurityContext`                   | pod securityContext                               | See [values.yaml](values.yaml)        |
 | `securityContext`                      | container securityContext                         | See [values.yaml](values.yaml)                |
 | `serviceAccount.create`	             | Should we create a ServiceAccount	             | `true`                                        |
 | `serviceAccount.name`		             | Name of the ServiceAccount to use                 | null                                          |

charts/vulnerability-operator/templates/deployment.yaml

@@ -108,5 +108,9 @@ spec:
     {{- end }}
     {{- with .Values.tolerations }}
       tolerations:
+{{ toYaml . | indent 8 }}
+    {{- end }}
+    {{- with .Values.podSecurityContext }}
+      securityContext:
 {{ toYaml . | indent 8 }}
     {{- end }}

charts/vulnerability-operator/values.yaml

@@ -60,6 +60,8 @@ resources: {}
 #    cpu: 100m
 #    memory: 100Mi
 
+podSecurityContext: {}
+
 securityContext:
   capabilities:
     drop: