chore: Allow overriding securityContext fields (#212)

daniil-nedostup · MykolaMarusenko · commit cb6fa8b35f3a · 2025-06-17T16:33:56.000+03:00
diff --git a/deploy-templates/README.md b/deploy-templates/README.md
@@ -39,9 +39,11 @@ A Helm chart for KubeRocketCI Codebase Operator
 | jira.rootUrl | string | `"https://jiraeu.example.com"` | URL to Jira server |
 | name | string | `"codebase-operator"` | component name |
 | nodeSelector | object | `{}` |  |
+| podSecurityContext | object | `{"runAsNonRoot":true}` | Pod Security Context Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ |
 | resources.limits.memory | string | `"192Mi"` |  |
 | resources.requests.cpu | string | `"50m"` |  |
 | resources.requests.memory | string | `"64Mi"` |  |
+| securityContext | object | `{"allowPrivilegeEscalation":false}` | Container Security Context Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ |
 | telemetryEnabled | bool | `true` | Flag to enable/disable telemetry |
 | tolerations | list | `[]` |  |
 
diff --git a/deploy-templates/templates/deployment.yaml b/deploy-templates/templates/deployment.yaml
@@ -19,8 +19,9 @@ spec:
         name: {{ .Values.name }}
     spec:
       serviceAccountName: edp-{{ .Values.name }}
-      securityContext:
-        runAsNonRoot: true
+      {{- if .Values.podSecurityContext }}
+      securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }}
+      {{- end }}
       {{- if .Values.imagePullSecrets }}
       imagePullSecrets: {{ toYaml .Values.imagePullSecrets | nindent 8 }}
       {{- end }}
@@ -36,8 +37,9 @@ spec:
               name: cert
               readOnly: true
           imagePullPolicy: "{{ .Values.imagePullPolicy }}"
-          securityContext:
-            allowPrivilegeEscalation: false
+          {{- if .Values.securityContext }}
+          securityContext: {{ toYaml .Values.securityContext | nindent 12 }}
+          {{- end }}
           env:
             - name: WATCH_NAMESPACE
               valueFrom:
diff --git a/deploy-templates/values.yaml b/deploy-templates/values.yaml
@@ -33,6 +33,16 @@ resources:
     cpu: 50m
     memory: 64Mi
 
+# -- Pod Security Context
+# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+podSecurityContext:
+  runAsNonRoot: true
+
+# -- Container Security Context
+# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
+securityContext:
+  allowPrivilegeEscalation: false
+
 jira:
   # -- Flag to enable/disable Jira integration
   integration: false
