From d2ebb5acbc1047d37553424659aab4332b153310 Mon Sep 17 00:00:00 2001
From: anishakj
Date: Fri, 25 Feb 2022 00:49:59 -0800
Subject: [PATCH] Added support to run zookeeper operator as non-root
Signed-off-by: anishakj
---
 .../templates/post-install-upgrade-hooks.yaml | 6 +++++-
 .../zookeeper-operator/templates/pre-delete-hooks.yaml | 7 +++++--
 charts/zookeeper-operator/values.yaml | 10 +++++++++-
 .../templates/post-install-upgrade-hooks.yaml | 4 ++++
 charts/zookeeper/values.yaml | 7 +++++--
 5 files changed, 28 insertions(+), 6 deletions(-)
diff --git a/charts/zookeeper-operator/templates/post-install-upgrade-hooks.yaml b/charts/zookeeper-operator/templates/post-install-upgrade-hooks.yaml
index ec17fbc1a..bbbe41b86 100644
--- a/charts/zookeeper-operator/templates/post-install-upgrade-hooks.yaml
+++ b/charts/zookeeper-operator/templates/post-install-upgrade-hooks.yaml
@@ -94,6 +94,10 @@ spec:
 containers:
 - name: post-install-upgrade-job
 image: "{{ .Values.hooks.image.repository }}:{{ .Values.hooks.image.tag }}"
+ {{- if .Values.hooks.securityContext }}
+ securityContext:
+{{ toYaml .Values.hooks.securityContext | indent 10 }}
+ {{- end }}
 command:
 - /scripts/validations.sh
 volumeMounts:
@@ -116,4 +120,4 @@ spec:
 {{- if .Values.tolerations }}
 tolerations:
 {{ toYaml .Values.tolerations | indent 8 }}
- {{- end }}
\ No newline at end of file
+ {{- end }}
diff --git a/charts/zookeeper-operator/templates/pre-delete-hooks.yaml b/charts/zookeeper-operator/templates/pre-delete-hooks.yaml
index 250b6e230..0156d4849 100644
--- a/charts/zookeeper-operator/templates/pre-delete-hooks.yaml
+++ b/charts/zookeeper-operator/templates/pre-delete-hooks.yaml
@@ -90,8 +90,7 @@ metadata:
 "helm.sh/hook-weight": "2"
 "helm.sh/hook-delete-policy": hook-succeeded, before-hook-creation, hook-failed
 spec:
- backoffLimit: 1
- activeDeadlineSeconds: 20
+ backoffLimit: 6
 template:
 metadata:
 name: {{ template "zookeeper-operator.fullname" . }}-pre-delete
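Review bot: The nesting of the new `securityContext:` block in the `@@ -94,6 +94,10 @@` hunk rests on a hand-counted `indent 10` applied to a column-0 line, while the same block in pre-delete-hooks.yaml uses `indent 12` and the one in charts/zookeeper/templates/post-install-upgrade-hooks.yaml uses `indent 10` again. The indentation of the surrounding `containers:` entries is not recoverable on this page, so each value may be correct, but a wrong one would either break the render or attach the fields at the wrong level, leaving the hook container without the intended restrictions. Consider `{{- with .Values.hooks.securityContext }}` followed by `securityContext:` and `{{- toYaml . | nindent N }}` (N being the key column under `securityContext:` in each file), and check all three templates with `helm template --set hooks.securityContext.runAsUser=1001`. The container spec continues outside the hunk.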
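Review bot: Dropping `activeDeadlineSeconds: 20` in the pre-delete-hooks.yaml `@@ -90,8 +90,7 @@` hunk leaves the pre-delete Job with no deadline of its own, so a hook that cannot finish is retried up to six times and is bounded only by Helm's own timeout during uninstall. This change is also unrelated to the non-root goal in the subject and is not mentioned there. The chart's values.yaml appears to expose `hooks.backoffLimit` already (default 10), so the hard-coded 6 introduces a second, untunable value; I would write `backoffLimit: {{ .Values.hooks.backoffLimit }}` and keep an `activeDeadlineSeconds` with a larger, documented value instead of removing it. The Job spec continues outside the hunk.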
@@ -101,6 +100,10 @@ spec: containers: - name: pre-delete-job image: "{{ .Values.hooks.image.repository }}:{{ .Values.hooks.image.tag }}" + {{- if .Values.hooks.securityContext }} + securityContext: +{{ toYaml .Values.hooks.securityContext | indent 12 }} + {{- end }} command: - /scripts/pre-delete.sh volumeMounts: diff --git a/charts/zookeeper-operator/values.yaml b/charts/zookeeper-operator/values.yaml index 0be40ddaf..77f43fce0 100644 --- a/charts/zookeeper-operator/values.yaml +++ b/charts/zookeeper-operator/values.yaml @@ -12,6 +12,10 @@ image: tag: 0.2.13 pullPolicy: IfNotPresent +securityContext: {} +# runAsUser: 1001 +# runAsGroup: 1001 + ## Additional labels to be added to resources labels: {} @@ -56,11 +60,15 @@ hooks: backoffLimit: 10 image: repository: lachlanevenson/k8s-kubectl - tag: v1.16.10 + tag: v1.23.2 ## Whether to create pre-delete hook which ensures that ## the operator cannot be deleted till the zookeeper cluster ## custom resources have been cleaned up delete: true + securityContext: {} + # runAsUser: 1001 + # runAsGroup: 1001 + ## Additional Sidecars Configuration. additionalSidecars: {} diff --git a/charts/zookeeper/templates/post-install-upgrade-hooks.yaml b/charts/zookeeper/templates/post-install-upgrade-hooks.yaml index 6d08d5f98..dfb5f1bb4 100644 --- a/charts/zookeeper/templates/post-install-upgrade-hooks.yaml +++ b/charts/zookeeper/templates/post-install-upgrade-hooks.yaml @@ -124,6 +124,10 @@ spec: containers: - name: post-install-upgrade-job image: "{{ .Values.hooks.image.repository }}:{{ .Values.hooks.image.tag }}" + {{- if .Values.hooks.securityContext }} + securityContext: +{{ toYaml .Values.hooks.securityContext | indent 10 }} + {{- end }} command: - /scripts/validations.sh volumeMounts: diff --git a/charts/zookeeper/values.yaml b/charts/zookeeper/values.yaml index 7ff107ee6..0938e98fb 100644 --- a/charts/zookeeper/values.yaml +++ b/charts/zookeeper/values.yaml 
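Review bot: The top-level `securityContext: {}` added in the `@@ -12,6 +12,10 @@` hunk of charts/zookeeper-operator/values.yaml is not read by any template touched in this patch; all three template hunks consume `.Values.hooks.securityContext` only. Unless the operator Deployment template already references `.Values.securityContext` (not visible here), setting this value has no effect on the operator pod, which is the workload the subject line promises to run as non-root. Either wire it into the operator Deployment in this commit or add a comment such as `## Security context for the operator container (consumed by templates/operator.yaml)` naming the template that applies it; the path in that comment is a placeholder to be replaced with the real file.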
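Review bot: With `securityContext: {}` as the default in the `hooks:` hunk (`@@ -56,11 +60,15 @@`, and again in charts/zookeeper/values.yaml `@@ -93,7 +93,10 @@`), the `if` guard in the templates renders nothing, so out of the box the hook Jobs still run as whatever user the kubectl image defaults to. The commented example also sets only `runAsUser`/`runAsGroup`, which does not stop a later image or override from running as UID 0 or gaining privileges. Since the templates place this block at container level, I would extend the example with `# runAsNonRoot: true` and `# allowPrivilegeEscalation: false`, and consider shipping those as the actual default once the image is confirmed to work under a non-root UID. Separately, the hook image is still referenced by a mutable tag from a third-party repository; pinning it by digest would need the `repository:tag` image line in the templates to accept one.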
@@ -69,7 +69,7 @@ config:
 # autoPurgePurgeInterval: 1
 # quorumListenOnAllIPs: false
 # additionalConfig: {}
-
+
 ## configure the storage type
 ## accepted values : persistence/ephemeral
 ## default option is persistence
@@ -93,7 +93,10 @@ ephemeral:
 hooks:
 image:
 repository: lachlanevenson/k8s-kubectl
- tag: v1.16.10
+ tag: v1.23.2
+ securityContext: {}
+ # runAsUser: 1001
+ # runAsGroup: 1001
 backoffLimit: 10
 pod:
 annotations: {}