From cd85626eb9fc5026daf7644a1a69ba470dbb56dd Mon Sep 17 00:00:00 2001
From: Greg Symons
Date: Thu, 9 Jan 2020 16:06:55 -0600
Subject: [PATCH] Add ability to specify Pod security context to kafka and zookeeper
---
 charts/cp-kafka/templates/statefulset.yaml | 4 ++++
 charts/cp-kafka/values.yaml | 9 +++++++++
 charts/cp-zookeeper/templates/statefulset.yaml | 4 ++++
 charts/cp-zookeeper/values.yaml | 9 +++++++++
 4 files changed, 26 insertions(+)
diff --git a/charts/cp-kafka/templates/statefulset.yaml b/charts/cp-kafka/templates/statefulset.yaml
index abc53612..e640761d 100644
--- a/charts/cp-kafka/templates/statefulset.yaml
+++ b/charts/cp-kafka/templates/statefulset.yaml
@@ -168,6 +168,10 @@ spec:
 tolerations:
 {{ toYaml .Values.tolerations | indent 8 }}
 {{- end }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+{{ toYaml .Values.securityContext.spec | indent 8 }}
+ {{- end }}
 {{- if .Values.persistence.enabled }}
 volumeClaimTemplates:
 {{- $disksPerBroker := .Values.persistence.disksPerBroker | int }}
diff --git a/charts/cp-kafka/values.yaml b/charts/cp-kafka/values.yaml
index e9342fe6..db3fed6f 100644
--- a/charts/cp-kafka/values.yaml
+++ b/charts/cp-kafka/values.yaml
@@ -101,6 +101,15 @@ podAnnotations: {}
 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
 nodeSelector: {}
+## Whether or not to apply a security context to the StatefulSet pods, and the specification
+## of that security context.
+securityContext:
+ enabled: false
+ spec:
+ runAsUser: 5000
+ runAsGroup: 5000
+ fsGroup: 5000
+
 ## Taints to tolerate on node assignment:
 ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 tolerations: {}
diff --git a/charts/cp-zookeeper/templates/statefulset.yaml b/charts/cp-zookeeper/templates/statefulset.yaml
index e7b09087..4ec1c20b 100644
--- a/charts/cp-zookeeper/templates/statefulset.yaml
+++ b/charts/cp-zookeeper/templates/statefulset.yaml
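Review bot: The `securityContext:` key added after `tolerations` appears to be rendered at pod-spec level (its body is emitted with `indent 8`), so `.Values.securityContext.spec` can only carry PodSecurityContext fields; container-level hardening such as `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true` or dropped capabilities has nowhere to go and would be rejected if a user placed it under `spec`. Consider a second, container-level value rendered inside the broker container, or at least state the limit in the template with `{{- /* pod-level PodSecurityContext only; container-level fields are not valid here */}}`. The identical hunk in charts/cp-zookeeper/templates/statefulset.yaml has the same limitation. The enclosing StatefulSet spec starts and ends outside the hunk, and indentation is lost in this view, so the exact nesting should be confirmed against the rendered manifest.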
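Review bot: With `enabled: false` as the default the pods keep running as whatever user the image defines, and the sample `spec` sets numeric IDs without `runAsNonRoot: true`, so nothing makes the kubelet refuse a container that resolves to UID 0 if `runAsUser` is later overridden or removed. I would add `runAsNonRoot: true` under `spec` and extend the comment with `## Pod-level settings only (PodSecurityContext). The chosen UID/GID must be able to read the image's files and write the data volumes; fsGroup changes group ownership of mounted volumes.` Whether the Confluent image starts cleanly as UID 5000 is not visible in this patch and should be verified before the flag is turned on. The same default block is added to charts/cp-zookeeper/values.yaml and the same points apply there.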
@@ -155,6 +155,10 @@ spec:
 tolerations:
 {{ toYaml .Values.tolerations | indent 8 }}
 {{- end }}
+ {{- if .Values.securityContext.enabled }}
+ securityContext:
+{{ toYaml .Values.securityContext.spec | indent 8 }}
+ {{- end }}
 {{- if .Values.persistence.enabled }}
 volumeClaimTemplates:
 - metadata:
diff --git a/charts/cp-zookeeper/values.yaml b/charts/cp-zookeeper/values.yaml
index 43fdc352..4b47dad0 100644
--- a/charts/cp-zookeeper/values.yaml
+++ b/charts/cp-zookeeper/values.yaml
@@ -99,6 +99,15 @@ headlessServiceAnnotations: {}
 ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/
 nodeSelector: {}
+## Whether or not to apply a security context to the StatefulSet pods, and the specification
+## of that security context.
+securityContext:
+ enabled: false
+ spec:
+ runAsUser: 5000
+ runAsGroup: 5000
+ fsGroup: 5000
+
 ## Taints to tolerate on node assignment:
 ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
 tolerations: {}