From c72aeaf15be6227aebeeeb3bfaa0638355a84167 Mon Sep 17 00:00:00 2001
From: ChristianBieri1995 <122007149+ChristianBieri1995@users.noreply.github.com>
Date: Tue, 9 Jul 2024 08:05:57 +0200
Subject: [PATCH 1/7] Move runAsNonRoot to values.yaml and add support for runAsUser/runAsGroup

Signed-off-by: ChristianBieri1995 <122007149+ChristianBieri1995@users.noreply.github.com>
---
 chart/operator/values.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/chart/operator/values.yaml b/chart/operator/values.yaml
index e7e2b913..56e5bf42 100644
--- a/chart/operator/values.yaml
+++ b/chart/operator/values.yaml
@@ -63,6 +63,11 @@ controllerManager:
 ## ref: https://kubernetes.io/docs/user-guide/node-selection/
 # nodeSelector: {}
+ podSecurityContext:
+ runAsNonRoot: true
+ # Set securityContext.runAsUser/runAsGroup if necessary. Values below were taken from https://github.com/k8sgpt-ai/k8sgpt-operator/blob/main/Dockerfile
+ # runAsUser: 65532
+ # runAsGroup: 65532
 kubernetesClusterDomain: cluster.local
 metricsService:
 ports:

From c6ec00511905e2c33aadfc378344fc0af7f2458b Mon Sep 17 00:00:00 2001
From: ChristianBieri1995 <122007149+ChristianBieri1995@users.noreply.github.com>
Date: Tue, 9 Jul 2024 08:07:55 +0200
Subject: [PATCH 2/7] Adjust spec.template.spec.securityContext

Signed-off-by: ChristianBieri1995 <122007149+ChristianBieri1995@users.noreply.github.com>
---
 chart/operator/templates/deployment.yaml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/chart/operator/templates/deployment.yaml b/chart/operator/templates/deployment.yaml
index adf957c5..ae3ee005 100644
--- a/chart/operator/templates/deployment.yaml
+++ b/chart/operator/templates/deployment.yaml
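Review bot: In the `chart/operator/values.yaml` hunk (PATCH 1/7), the added comment tells users to set `securityContext.runAsUser/runAsGroup`, but the key this commit introduces is `podSecurityContext`, so the comment points at a name that does not exist in the values. I would reword it to `# Optionally set podSecurityContext.runAsUser/runAsGroup; the values below were taken from the operator Dockerfile.` The same comment should mention that `runAsNonRoot: true` without a `runAsUser` relies on the image declaring a numeric non-root user, because the kubelet refuses to start a container whose user it cannot verify as non-root. Indentation is lost on this page, so I am assuming the block sits under `controllerManager`, which is where the template in PATCH 2/7 reads it from.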
@@ -98,8 +98,10 @@ spec:
 }}
 securityContext: {{- toYaml .Values.controllerManager.manager.containerSecurityContext | nindent 10 }}
+ {{- if .Values.controllerManager.podSecurityContext }}
 securityContext:
- runAsNonRoot: true
+ {{- toYaml .Values.controllerManager.podSecurityContext | nindent 8 }}
+ {{- end }}
 serviceAccountName: {{ include "chart.fullname" . }}-controller-manager
 terminationGracePeriodSeconds: 10
 {{- if .Values.controllerManager.nodeSelector }}

From d6e6d43bdab20b9067c5df8614c1761d648dbbfa Mon Sep 17 00:00:00 2001
From: ChristianBieri1995 <122007149+ChristianBieri1995@users.noreply.github.com>
Date: Fri, 10 Jan 2025 12:40:01 +0100
Subject: [PATCH 3/7] Update k8sgpt-sa.yaml

Signed-off-by: ChristianBieri1995 <122007149+ChristianBieri1995@users.noreply.github.com>
---
 chart/operator/templates/k8sgpt-sa.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/chart/operator/templates/k8sgpt-sa.yaml b/chart/operator/templates/k8sgpt-sa.yaml
index 105a4a93..fef84a29 100644
--- a/chart/operator/templates/k8sgpt-sa.yaml
+++ b/chart/operator/templates/k8sgpt-sa.yaml
@@ -1,4 +1,4 @@
-{{- if or .Values.serviceAccount.create -}}
+{{- if .Values.serviceAccount.create}}
 apiVersion: v1
 kind: ServiceAccount
 metadata:

From cad3893d31fc3fe2d203a66cc3a6714f00030269 Mon Sep 17 00:00:00 2001
From: ChristianBieri1995 <122007149+ChristianBieri1995@users.noreply.github.com>
Date: Fri, 10 Jan 2025 12:41:25 +0100
Subject: [PATCH 4/7] Update k8sgpt-cluster-role.yaml

Signed-off-by: ChristianBieri1995 <122007149+ChristianBieri1995@users.noreply.github.com>
---
 chart/operator/templates/k8sgpt-cluster-role.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/chart/operator/templates/k8sgpt-cluster-role.yaml b/chart/operator/templates/k8sgpt-cluster-role.yaml
index dec9e729..45dd1181 100644
--- a/chart/operator/templates/k8sgpt-cluster-role.yaml
+++ b/chart/operator/templates/k8sgpt-cluster-role.yaml
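Review bot: In `chart/operator/templates/deployment.yaml` (PATCH 2/7), the new `{{- if .Values.controllerManager.podSecurityContext }}` guard makes the pod-level `runAsNonRoot: true` removable. An override such as `podSecurityContext: null` now drops the whole `securityContext:` block, where the old template always emitted it. If that opt-out is intended, say so next to the guard, e.g. `{{- /* values.yaml defaults to runAsNonRoot: true; setting podSecurityContext to null removes the pod-level securityContext */}}`, and list `controllerManager.podSecurityContext` in the chart README, which the README hunk in PATCH 6/7 does not appear to do. The container-level `securityContext` rendered just above the guard is untouched by this change. The enclosing pod spec starts and ends outside the hunk.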
@@ -1,3 +1,4 @@
+{{- if .Values.serviceAccount.create }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -21,3 +22,4 @@ rules:
 - '*'
 verbs:
 - '*'
+{{- end }}

From b877302f65d0d18e5ce9658aa0c18e118b889ff1 Mon Sep 17 00:00:00 2001
From: ChristianBieri1995 <122007149+ChristianBieri1995@users.noreply.github.com>
Date: Fri, 10 Jan 2025 12:42:10 +0100
Subject: [PATCH 5/7] Update k8sgpt-cluster-role-binding.yaml

Signed-off-by: ChristianBieri1995 <122007149+ChristianBieri1995@users.noreply.github.com>
---
 chart/operator/templates/k8sgpt-cluster-role-binding.yaml | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/chart/operator/templates/k8sgpt-cluster-role-binding.yaml b/chart/operator/templates/k8sgpt-cluster-role-binding.yaml
index a911be8f..e59b6b65 100644
--- a/chart/operator/templates/k8sgpt-cluster-role-binding.yaml
+++ b/chart/operator/templates/k8sgpt-cluster-role-binding.yaml
@@ -1,3 +1,4 @@
+{{- if .Values.serviceAccount.create }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
@@ -12,3 +13,4 @@ subjects:
 - kind: ServiceAccount
 name: "k8sgpt"
 namespace: {{ .Release.Namespace }}
+{{- end }}

From afecad61269c775b88ea11666e4f7508940a7747 Mon Sep 17 00:00:00 2001
From: ChristianBieri1995 <122007149+ChristianBieri1995@users.noreply.github.com>
Date: Fri, 10 Jan 2025 12:46:09 +0100
Subject: [PATCH 6/7] Update README.md

Signed-off-by: ChristianBieri1995 <122007149+ChristianBieri1995@users.noreply.github.com>
---
 chart/operator/README.md | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/chart/operator/README.md b/chart/operator/README.md
index fd7ec4b2..2b645d5f 100644
--- a/chart/operator/README.md
+++ b/chart/operator/README.md
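Review bot: Gating `k8sgpt-cluster-role.yaml` on `.Values.serviceAccount.create` (PATCH 4/7) ties RBAC creation to ServiceAccount creation, so an install that supplies its own ServiceAccount silently gets no ClusterRole at all; PATCH 5/7 adds the same guard to `k8sgpt-cluster-role-binding.yaml`. Put a comment at the top of both templates to make that explicit, e.g. `{{- /* Rendered only when the chart creates the ServiceAccount; with serviceAccount.create=false, RBAC must be supplied separately */}}`. The context of the second hunk shows the last rule ending in `verbs:` with `- '*'`, preceded by another `- '*'` whose key is outside the hunk, so the default role looks very broad. Anyone disabling creation to scope permissions down needs to know what they are replacing.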
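Review bot: In `k8sgpt-cluster-role-binding.yaml` (PATCH 5/7), the subject in the second hunk's context is hard-coded as `name: "k8sgpt"`, while the README change in PATCH 6/7 documents `serviceAccount.name` as a configurable parameter. If the ServiceAccount template honours that value, a non-default name leaves this binding pointing at an account the chart did not create, and any `k8sgpt` ServiceAccount later created in the release namespace would pick up the role instead. I would change the subject to `name: {{ .Values.serviceAccount.name | quote }}`. The body of `k8sgpt-sa.yaml` is not visible in this series, so confirm that it reads the same value.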
@@ -12,6 +12,10 @@ The following table lists the configurable parameters of the K8sgpt-operator cha
 | Parameter | Description | Default |
 | ------------------------ | ----------------------- | -------------- |
+| `interplex.enabled` | | `false` |
+| `serviceAccount.create` | | `true` |
+| `serviceAccount.name` | | `"k8sgpt"` |
+| `serviceAccount.annotations` | | `{}` |
 | `serviceMonitor.enabled` | | `false` |
 | `serviceMonitor.additionalLabels` | | `{}` |
 | `grafanaDashboard.enabled` | | `false` |
@@ -40,7 +44,6 @@ The following table lists the configurable parameters of the K8sgpt-operator cha
 | `kubernetesClusterDomain` | | `"cluster.local"` |
 | `metricsService.ports` | | `[{"name": "https", "port": 8443, "protocol": "TCP", "targetPort": "https"}]` |
 | `metricsService.type` | | `"ClusterIP"` |
- ---

From 98216477dbd07c8324870e2cbe4d593ff81ed898 Mon Sep 17 00:00:00 2001
From: ChristianBieri1995 <122007149+ChristianBieri1995@users.noreply.github.com>
Date: Fri, 10 Jan 2025 12:53:01 +0100
Subject: [PATCH 7/7] fix missing whitespace

Signed-off-by: ChristianBieri1995 <122007149+ChristianBieri1995@users.noreply.github.com>
---
 chart/operator/templates/k8sgpt-sa.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/chart/operator/templates/k8sgpt-sa.yaml b/chart/operator/templates/k8sgpt-sa.yaml
index fef84a29..0634c6a9 100644
--- a/chart/operator/templates/k8sgpt-sa.yaml
+++ b/chart/operator/templates/k8sgpt-sa.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.serviceAccount.create}}
+{{- if .Values.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 metadata: