From 5505f6dab05e5224b0d0756a32c85d507987e90b Mon Sep 17 00:00:00 2001
From: Alex Shearn <alex.shearn@kraken.tech>
Date: Tue, 7 May 2024 14:18:12 +0100
Subject: [PATCH] Expose the deployment strategy values for the policy
 controller

Prior to this change, the policy controller webhook was not able to have
its deployment strategy modified. If you only deployed a single replica,
it could not perform a rolling update due to the default `maxSurge:
25%` being rounded down to 0.

This change exposes those values, so that the `maxSurge` can be updated
and a single instance can be rolled.

Fixes #748.

Signed-off-by: Alex Shearn <alex.shearn@kraken.tech>
---
 charts/policy-controller/README.md                         | 3 +--
 .../templates/webhook/deployment_webhook.yaml              | 7 +++++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/charts/policy-controller/README.md b/charts/policy-controller/README.md
index b9e1c651..94ae98b8 100644
--- a/charts/policy-controller/README.md
+++ b/charts/policy-controller/README.md
@@ -40,7 +40,7 @@ The Helm chart for Policy  Controller
 | webhook.failurePolicy | string | `"Fail"` |  |
 | webhook.image.pullPolicy | string | `"IfNotPresent"` |  |
 | webhook.image.repository | string | `"ghcr.io/sigstore/policy-controller/policy-controller"` |  |
-| webhook.image.version | string | `"sha256:f291fce5b9c1a69ba54990eda7e0fe4114043b1afefb0f4ee3e6f84ec9ef1605"` | `"v0.8.2"` |
+| webhook.image.version | string | `"sha256:f291fce5b9c1a69ba54990eda7e0fe4114043b1afefb0f4ee3e6f84ec9ef1605"` |  |
 | webhook.name | string | `"webhook"` |  |
 | webhook.namespaceSelector.matchExpressions[0].key | string | `"policy.sigstore.dev/include"` |  |
 | webhook.namespaceSelector.matchExpressions[0].operator | string | `"In"` |  |
@@ -71,7 +71,6 @@ The Helm chart for Policy  Controller
 | webhook.webhookNames.defaulting | string | `"defaulting.clusterimagepolicy.sigstore.dev"` |  |
 | webhook.webhookNames.validating | string | `"validating.clusterimagepolicy.sigstore.dev"` |  |
 
-
 ### Deploy `policy-controller` Helm Chart
 
 Install `policy-controller` using Helm:
diff --git a/charts/policy-controller/templates/webhook/deployment_webhook.yaml b/charts/policy-controller/templates/webhook/deployment_webhook.yaml
index 54fd36d6..c736e876 100644
--- a/charts/policy-controller/templates/webhook/deployment_webhook.yaml
+++ b/charts/policy-controller/templates/webhook/deployment_webhook.yaml
@@ -12,6 +12,13 @@ spec:
     matchLabels:
       {{- include "policy-controller.selectorLabels" . | nindent 6 }}
       control-plane: {{ template "policy-controller.fullname" . }}-webhook
+
+{{- if .Values.deployment.strategy }}
+  strategy:
+{{ toYaml .Values.deployment.strategy | trim | indent 4 }}
+    {{ if eq .Values.deployment.strategy.type "Recreate" }}rollingUpdate: null{{ end }}
+{{- end }}
+
   template:
     metadata:
       labels: