Merge pull request #645 from shanemcd/pod-security-context

Add support for arbitrary pod-level securityContext settings

config/crd/bases/awx.ansible.com_awxs.yaml

@@ -408,6 +408,10 @@ spec:
                         x-kubernetes-preserve-unknown-fields: true
                     type: object
                   type: array
+                security_context_settings:
+                  description: Key/values that will be set under the pod-level securityContext field
+                  type: object
+                  x-kubernetes-preserve-unknown-fields: true
               type: object
             status:
               properties:

roles/installer/defaults/main.yml

@@ -235,3 +235,5 @@ bundle_cacert_secret: ''
 garbage_collect_secrets: false
 
 development_mode: false
+
+security_context_settings: {}

roles/installer/templates/deployment.yaml.j2

@@ -310,9 +310,14 @@ spec:
       tolerations:
         {{ tolerations | indent(width=8) }}
 {% endif %}
-{% if projects_persistence|bool %}
+{% if projects_persistence|bool or (security_context_settings|length) %}
       securityContext:
+{% if projects_persistence|bool %}
         fsGroup: 1000
+{% endif %}
+{% if security_context_settings|length %}
+        {{ security_context_settings | to_nice_yaml | indent(8) }}
+{% endif %}
 {% endif %}
       volumes:
 {% if bundle_ca_crt %}

watches.yaml

@@ -4,14 +4,17 @@
   group: awx.ansible.com
   kind: AWX
   role: installer
+  snakeCaseParameters: False
 
 - version: v1beta1
   group: awx.ansible.com
   kind: AWXBackup
   role: backup
+  snakeCaseParameters: False
 
 - version: v1beta1
   group: awx.ansible.com
   kind: AWXRestore
   role: restore
+  snakeCaseParameters: False
 # +kubebuilder:scaffold:watch