From 5fb3de0df02eac856e52349e2357cccf3a9c6e71 Mon Sep 17 00:00:00 2001
From: Yves Galante <yves.galante@zelros.com>
Date: Mon, 23 Dec 2024 10:58:05 +0100
Subject: [PATCH] [prometheus-mongodb-exporter] Allow to configure pod security
 context

Signed-off-by: Yves Galante <yves.galante@zelros.com>
---
 charts/prometheus-mongodb-exporter/Chart.yaml            | 2 +-
 .../ci/podsecuritycontext-values.yaml                    | 9 +++++++++
 .../templates/deployment.yaml                            | 4 ++++
 charts/prometheus-mongodb-exporter/values.yaml           | 9 ++++++++-
 4 files changed, 22 insertions(+), 2 deletions(-)
 create mode 100644 charts/prometheus-mongodb-exporter/ci/podsecuritycontext-values.yaml

diff --git a/charts/prometheus-mongodb-exporter/Chart.yaml b/charts/prometheus-mongodb-exporter/Chart.yaml
index e6f937e5a858..b6bc122385e3 100644
--- a/charts/prometheus-mongodb-exporter/Chart.yaml
+++ b/charts/prometheus-mongodb-exporter/Chart.yaml
@@ -15,4 +15,4 @@ maintainers:
 name: prometheus-mongodb-exporter
 sources:
   - https://github.com/percona/mongodb_exporter
-version: 3.10.0
+version: 3.11.0
diff --git a/charts/prometheus-mongodb-exporter/ci/podsecuritycontext-values.yaml b/charts/prometheus-mongodb-exporter/ci/podsecuritycontext-values.yaml
new file mode 100644
index 000000000000..22cbdfa4a2cd
--- /dev/null
+++ b/charts/prometheus-mongodb-exporter/ci/podsecuritycontext-values.yaml
@@ -0,0 +1,9 @@
+---
+# Test customize podSecurityContext
+
+mongodb:
+  uri: mongodb://localhost:9216
+
+podSecurityContext:
+  seccompProfile:
+    type: RuntimeDefault
diff --git a/charts/prometheus-mongodb-exporter/templates/deployment.yaml b/charts/prometheus-mongodb-exporter/templates/deployment.yaml
index 513e6f6da2d1..1370232df1c6 100644
--- a/charts/prometheus-mongodb-exporter/templates/deployment.yaml
+++ b/charts/prometheus-mongodb-exporter/templates/deployment.yaml
@@ -82,6 +82,10 @@ spec:
       {{- end }}
       imagePullSecrets:
         {{- toYaml .Values.imagePullSecrets | nindent 8 }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- tpl (toYaml .) $ | nindent 8 }}
diff --git a/charts/prometheus-mongodb-exporter/values.yaml b/charts/prometheus-mongodb-exporter/values.yaml
index 74e498e0b15c..8435d98d0ac0 100644
--- a/charts/prometheus-mongodb-exporter/values.yaml
+++ b/charts/prometheus-mongodb-exporter/values.yaml
@@ -71,10 +71,17 @@ resources: {}
   #   cpu: 100m
   #   memory: 128Mi
 
+# Customize securityContext of the pod.
+# See https://kubernetes.io/docs/concepts/policy/security-context/ for more.
+podSecurityContext: {}
+  # seccompProfile:
+  #  type: RuntimeDefault
+
 securityContext:
   allowPrivilegeEscalation: false
   capabilities:
-    drop: ["all"]
+    drop:
+      - ALL
   readOnlyRootFilesystem: true
   runAsGroup: 10000
   runAsNonRoot: true