fix pb when use securityContext and add opportunity to add storagecla…

…ss (#2818)

* fix pb when use securityContext and add opportunity to add storageclass

* add readme comment and fixup

* fixup

* fixup

* fixup

charts/catalog/README.md

@@ -75,6 +75,7 @@ chart and their default values.
 | `controllerManager.service.clusterIP` | If service type is ClusterIP, specify clusterIP as `None` for `headless services` OR specify your own specific IP OR leave blank to let Kubernetes assign a cluster IP |  |
 | `rbacEnable` | If true, create & use RBAC resources | `true` |
 | `originatingIdentityEnabled` | Whether the OriginatingIdentity feature should be enabled | `true` |
+| `persistence.storageClass` | Define the storageclass use by pvc | `null` |
 | `asyncBindingOperationsEnabled` | Whether or not alpha support for async binding operations is enabled | `false` |
 | `namespacedServiceBrokerDisabled` | Whether or not alpha support for namespace scoped brokers is disabled | `false` |
 

charts/catalog/templates/cleaner-job.yaml

@@ -87,6 +87,10 @@ spec:
         release: "{{ .Release.Name }}"
         heritage: "{{ .Release.Service }}"
     spec:
+{{- with .Values.securityContext }}
+      securityContext:
+{{ toYaml . | indent 8 }}
+{{- end }}
       restartPolicy: Never
       serviceAccountName: clean-job-account
       imagePullSecrets:

charts/catalog/templates/controller-manager-deployment.yaml

@@ -35,6 +35,9 @@ spec:
       serviceAccountName: "{{ .Values.controllerManager.serviceAccount }}"
       imagePullSecrets:
 {{ toYaml .Values.imagePullSecrets | indent 8 }}
+      volumes:
+        - name: run
+          emptyDir: {}
       containers:
       - name: controller-manager
         image: {{ .Values.image }}
@@ -99,6 +102,9 @@ spec:
         - --feature-gates
         - CascadingDeletion=true
         {{- end }}
+        volumeMounts:
+        - mountPath: /var/run
+          name: run
         ports:
         - containerPort: 8444
         {{- if .Values.controllerManager.healthcheck.enabled }}

charts/catalog/templates/migration-job.yaml

@@ -112,6 +112,10 @@ spec:
         release: "{{ .Release.Name }}"
         heritage: "{{ .Release.Service }}"
     spec:
+{{- with .Values.securityContext }}
+      securityContext:
+{{ toYaml . | indent 8 }}
+{{- end }}
       restartPolicy: Never
       serviceAccountName: migration-job-account
       imagePullSecrets:

charts/catalog/templates/pre-migration-job.yaml

@@ -92,6 +92,13 @@ spec:
   resources:
     requests:
       storage: 200Mi
+{{- if .Values.persistence.storageClass }}
+  {{- if (eq "-" .Values.persistence.storageClass) }}
+      storageClassName: ""
+  {{- else }}
+      storageClassName: "{{ .Values.persistence.storageClass }}"
+  {{- end }}
+{{- end }}
 
 ---
 apiVersion: batch/v1
@@ -119,6 +126,10 @@ spec:
         release: "{{ .Release.Name }}"
         heritage: "{{ .Release.Service }}"
     spec:
+{{- with .Values.securityContext }}
+      securityContext:
+{{ toYaml . | indent 8 }}
+{{- end }}
       restartPolicy: Never
       serviceAccountName: pre-migration-job-account
       imagePullSecrets:

charts/catalog/templates/webhook-deployment.yaml

@@ -28,6 +28,10 @@ spec:
 {{ toYaml .Values.webhook.annotations | indent 8 }}
       {{- end }}
     spec:
+{{- with .Values.securityContext }}
+      securityContext:
+{{ toYaml . | indent 8 }}
+{{- end }}
       serviceAccountName: "{{ .Values.webhook.serviceAccount }}"
       imagePullSecrets:
 {{ toYaml .Values.imagePullSecrets | indent 8 }}

charts/catalog/values.yaml

@@ -116,3 +116,12 @@ cascadingDeletionEnabled: false
 ## by example :
 ## securityContext: { runAsUser: 1001 }
 securityContext: {}
+persistence:
+  ## database data Persistent Volume Storage Class
+  ## If defined, storageClassName: <storageClass>
+  ## If set to "-", storageClassName: "", which disables dynamic provisioning
+  ## If undefined (the default) or set to null, no storageClassName spec is
+  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
+  ##   GKE, AWS & OpenStack)
+  ##
+  storageClass: