From c5d11c13d4404cd7c4b34ba219a9be7c0c4cfda8 Mon Sep 17 00:00:00 2001
From: Preston Alvarado <700740+coolhome@users.noreply.github.com>
Date: Fri, 10 May 2024 18:10:17 -0400
Subject: [PATCH 1/4] Fix Values.ingress.annotations check

Resolves #206
---
 charts/netbox/templates/ingress.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/netbox/templates/ingress.yaml b/charts/netbox/templates/ingress.yaml
index b937c4f3..cffdd288 100644
--- a/charts/netbox/templates/ingress.yaml
+++ b/charts/netbox/templates/ingress.yaml
@@ -5,7 +5,7 @@ metadata:
 name: {{ include "common.names.fullname" . }}
 namespace: {{ include "common.names.namespace" . | quote }}
 labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
- {{- if or .Values.service.annotations .Values.commonAnnotations }}
+ {{- if or .Values.ingress.annotations .Values.commonAnnotations }}
 {{- $annotations := include "common.tplvalues.merge" ( dict "values" ( list .Values.ingress.annotations .Values.commonAnnotations ) "context" . ) }}
 annotations: {{- include "common.tplvalues.render" ( dict "value" $annotations "context" $) | nindent 4 }}
 {{- end }}

From a4177cab6153e9314b1991a07f32d0f48ae847d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9o=20Colombaro?=
Date: Sat, 11 May 2024 12:57:05 +0000
Subject: [PATCH 2/4] Streamline rendering for security contexts

Fix https://github.com/netbox-community/netbox-chart/issues/203
---
 charts/netbox/templates/cronjob.yaml | 10 ++++----
 charts/netbox/templates/deployment.yaml | 4 +++-
 .../templates/tests/test-connection.yaml | 3 +++
 .../netbox/templates/worker-deployment.yaml | 10 ++++----
 charts/netbox/values.yaml | 24 +++++++++++--------
 5 files changed, 32 insertions(+), 19 deletions(-)

diff --git a/charts/netbox/templates/cronjob.yaml b/charts/netbox/templates/cronjob.yaml
index b437d1dc..324d1171 100644
--- a/charts/netbox/templates/cronjob.yaml
+++ b/charts/netbox/templates/cronjob.yaml
@@ -36,16 +36,18 @@ spec: {{- include "common.images.renderPullSecrets" (dict "images" (list .Values.image) "context" $) | nindent 6 }} serviceAccountName: {{ include "netbox.serviceAccountName" . }} automountServiceAccountToken: {{ .Values.housekeeping.automountServiceAccountToken }} - securityContext: - {{- toYaml .Values.housekeeping.podSecurityContext | nindent 12 }} + {{- if .Values.housekeeping.podSecurityContext.enabled }} + securityContext: {{- omit .Values.housekeeping.podSecurityContext "enabled" | toYaml | nindent 12 }} + {{- end }} {{- with .Values.housekeeping.initContainers }} initContainers: {{- toYaml . | nindent 10 }} {{- end }} containers: - name: {{ .Chart.Name }}-housekeeping - securityContext: - {{- toYaml .Values.housekeeping.securityContext | nindent 14 }} + {{- if .Values.housekeeping.securityContext.enabled }} + securityContext: {{- omit .Values.housekeeping.securityContext "enabled" | toYaml | nindent 14 }} + {{- end }} image: {{ include "netbox.image" . | quote }} command: - /opt/netbox/venv/bin/python
diff --git a/charts/netbox/templates/deployment.yaml b/charts/netbox/templates/deployment.yaml
index 22131ffb..146e469e 100644
--- a/charts/netbox/templates/deployment.yaml
+++ b/charts/netbox/templates/deployment.yaml
@@ -53,7 +53,9 @@ spec:
 {{- else if ne .Values.init.resourcesPreset "none" }}
 resources: {{- include "common.resources.preset" (dict "type" .Values.init.resourcesPreset) | nindent 10 }}
 {{- end }}
- securityContext: {{- .Values.init.securityContext | toYaml | nindent 10 }}
+ {{- if .Values.init.securityContext.enabled }}
+ securityContext: {{- omit .Values.init.securityContext "enabled" | toYaml | nindent 10 }}
+ {{- end }}
 volumeMounts:
 - name: optunit
 mountPath: /opt/unit
diff --git a/charts/netbox/templates/tests/test-connection.yaml b/charts/netbox/templates/tests/test-connection.yaml
index 7393a3ab..591737ae 100644
--- a/charts/netbox/templates/tests/test-connection.yaml
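Review bot: The new `{{- if .Values.housekeeping.podSecurityContext.enabled }}` gate (and the matching one on `housekeeping.securityContext`) fails open: when `enabled` is absent or false the whole `securityContext:` block is omitted, so a values override written as a plain map without an `enabled` key silently leaves the pod and container on cluster defaults instead of the chart's hardening, where the removed lines rendered whatever map was given. The values.yaml hunks in this series add `enabled` only under `init.securityContext` and `test.securityContext`; I cannot see from here whether `housekeeping.podSecurityContext`, `housekeeping.securityContext` and the two `worker.*` maps carry `enabled: true`, and if they do not, a default install drops those contexts. If a missing key is meant to keep the context on, guard on presence, e.g. `{{- if or (not (hasKey .Values.housekeeping.podSecurityContext "enabled")) .Values.housekeeping.podSecurityContext.enabled }}`, and mention the new `enabled` key in the chart's upgrade notes. The same pattern appears in the deployment.yaml, test-connection.yaml and worker-deployment.yaml hunks of this patch.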
+++ b/charts/netbox/templates/tests/test-connection.yaml
@@ -17,4 +17,7 @@ spec: resources: {{- toYaml .Values.test.resources | nindent 6 }} {{- end }} + {{- if .Values.test.securityContext.enabled }} + securityContext: {{- omit .Values.test.securityContext "enabled" | toYaml | nindent 12 }} + {{- end }} restartPolicy: Never
diff --git a/charts/netbox/templates/worker-deployment.yaml b/charts/netbox/templates/worker-deployment.yaml
index c2cfcf4b..2d1b8989 100644
--- a/charts/netbox/templates/worker-deployment.yaml
+++ b/charts/netbox/templates/worker-deployment.yaml
@@ -44,16 +44,18 @@ spec: {{- end }} serviceAccountName: {{ include "netbox.serviceAccountName" . }} automountServiceAccountToken: {{ .Values.worker.automountServiceAccountToken }} - securityContext: - {{- toYaml .Values.worker.podSecurityContext | nindent 8 }} + {{- if .Values.worker.podSecurityContext.enabled }} + securityContext: {{- omit .Values.worker.podSecurityContext "enabled" | toYaml | nindent 8 }} + {{- end }} {{- with .Values.worker.initContainers }} initContainers: {{- toYaml . | nindent 6 }} {{- end }} containers: - name: {{ .Chart.Name }}-worker - securityContext: - {{- toYaml .Values.worker.securityContext | nindent 10 }} + {{- if .Values.worker.securityContext.enabled }} + securityContext: {{- omit .Values.worker.securityContext "enabled" | toYaml | nindent 10 }} + {{- end }} image: {{ include "netbox.image" . | quote }} command: - /opt/netbox/venv/bin/python
diff --git a/charts/netbox/values.yaml b/charts/netbox/values.yaml
index fd64aedc..a282d873 100644
--- a/charts/netbox/values.yaml
+++ b/charts/netbox/values.yaml
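Review bot: The added `securityContext:` line in the test-connection hunk renders its body with `nindent 12`, while the neighbouring `resources` block uses `nindent 6`; the original indentation is lost in this collapsed hunk, but if the key sits at the same level as `resources`, the deeper indent is still valid YAML yet leaves the rendered pod harder to check by eye and looks copied from cronjob.yaml. `nindent 6` would match the surrounding style; please confirm against `helm template` output before merging. The enclosing pod spec starts before this hunk.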
@@ -679,16 +679,16 @@ podSecurityContext:
 fsGroup: 1000
 ## Configure Container Security Context (only main container)
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
-## @param containerSecurityContext.enabled Enabled containers' Security Context
-## @param containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
-## @param containerSecurityContext.runAsUser Set containers' Security Context runAsUser
-## @param containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
-## @param containerSecurityContext.runAsNonRoot Set container's Security Context runAsNonRoot
-## @param containerSecurityContext.privileged Set container's Security Context privileged
-## @param containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
-## @param containerSecurityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
-## @param containerSecurityContext.capabilities.drop List of capabilities to be dropped
-## @param containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
+## @param securityContext.enabled Enabled containers' Security Context
+## @param securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
+## @param securityContext.runAsUser Set containers' Security Context runAsUser
+## @param securityContext.runAsGroup Set containers' Security Context runAsGroup
+## @param securityContext.runAsNonRoot Set container's Security Context runAsNonRoot
+## @param securityContext.privileged Set container's Security Context privileged
+## @param securityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
+## @param securityContext.allowPrivilegeEscalation Set container's Security Context allowPrivilegeEscalation
+## @param securityContext.capabilities.drop List of capabilities to be dropped
+## @param securityContext.seccompProfile.type Set container's Security Context seccomp profile
 ##
 securityContext:
 enabled: true
@@ -990,6 +990,7 @@ init:
 ## Init container' Security Context
 ## Note: the chown of the data folder is done to securityContext.runAsUser
 ## and not the below init.securityContext.runAsUser
+ ## @param init.securityContext.enabled Enabled containers' Security Context
 ## @param init.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
 ## @param init.securityContext.runAsUser User ID for the init container
 ## @param init.securityContext.runAsGroup Group ID for the init container
@@ -997,6 +998,7 @@ init:
 ## @param init.securityContext.seccompProfile.type seccompProfile.type for the init container
 ##
 securityContext:
+ enabled: true
 seLinuxOptions: {}
 seccompProfile:
 type: RuntimeDefault
@@ -1055,6 +1057,7 @@ test:
 ## test container' Security Context
 ## Note: the chown of the data folder is done to securityContext.runAsUser
 ## and not the below test.securityContext.runAsUser
+ ## @param test.securityContext.enabled Enabled containers' Security Context
 ## @param test.securityContext.seLinuxOptions [object,nullable] Set SELinux options in container
 ## @param test.securityContext.runAsUser User ID for the test container
 ## @param test.securityContext.runAsGroup Group ID for the test container
@@ -1062,6 +1065,7 @@ test:
 ## @param test.securityContext.seccompProfile.type seccompProfile.type for the test container
 ##
 securityContext:
+ enabled: false
 seLinuxOptions: {}
 seccompProfile:
 type: RuntimeDefault

From 4728a834dc2eb5edad0bd116c2cfe7504408e805 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9o=20Colombaro?=
Date: Sat, 11 May 2024 13:05:07 +0000
Subject: [PATCH 3/4] Bump chart version

---
 charts/netbox/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/netbox/Chart.yaml b/charts/netbox/Chart.yaml
index dc50e65d..af68e098 100644
--- a/charts/netbox/Chart.yaml
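Review bot: `enabled: false` under `test.securityContext` makes every key beneath it (`seLinuxOptions`, the `seccompProfile.type: RuntimeDefault` shown in context, and the documented `runAsUser`/`runAsGroup`) inert by default, while the same patch gives `init.securityContext` `enabled: true`, so the test pod becomes the one workload shipped without the chart's baseline. This presumably preserves the pre-patch behaviour, since the test-connection.yaml hunk is what introduces rendering of this block, but that is not visible from values.yaml alone. Either default it to `enabled: true` for parity with the other contexts, or add above the key `## Note: the test pod renders no securityContext at all unless enabled is true` so the inert settings are not mistaken for applied ones.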
+++ b/charts/netbox/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: netbox
-version: 5.0.0-beta9
+version: 5.0.0-beta11
 appVersion: "v4.0.0"
 type: application
 kubeVersion: ^1.25.0-0

From d2ba6d42ff7f6e065e0be1b3e82e8c9355c67adf Mon Sep 17 00:00:00 2001
From: Benjamin Reed
Date: Mon, 13 May 2024 11:32:39 -0400
Subject: [PATCH 4/4] bump version to ensure everything passes tests

---
 charts/netbox/Chart.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/charts/netbox/Chart.yaml b/charts/netbox/Chart.yaml
index dc50e65d..c764e1a2 100644
--- a/charts/netbox/Chart.yaml
+++ b/charts/netbox/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: netbox
-version: 5.0.0-beta9
+version: 5.0.0-beta10
 appVersion: "v4.0.0"
 type: application
 kubeVersion: ^1.25.0-0