Add support for pod securityContext configuration to operator helm chart (#818)

yrosemacbs · web-flow · commit 01e4bf3176d5 · 2026-06-18T11:08:39.000-07:00
diff --git a/helm/solr-operator/Chart.yaml b/helm/solr-operator/Chart.yaml
@@ -117,6 +117,13 @@ annotations:
           url: https://github.com/apache/solr-operator/issues/797
         - name: Github PR
           url: https://github.com/apache/solr-operator/pull/796
+    - kind: added
+      description: Add option for Pod SecurityContext in the Solr-Operator Helm chart
+      links:
+        - name: Github Issue
+          url: https://github.com/apache/solr-operator/issues/817
+        - name: Github PR
+          url: https://github.com/apache/solr-operator/pull/818
   artifacthub.io/images: |
     - name: solr-operator
       image: apache/solr-operator:v0.10.0-prerelease
diff --git a/helm/solr-operator/README.md b/helm/solr-operator/README.md
@@ -183,7 +183,8 @@ The command removes all the Kubernetes components associated with the chart and
 | serviceAccount.name | string | `""` | If `serviceAccount.create` is set to `false`, the name of an existing serviceAccount in the target namespace **must** be provided to run the Solr Operator with. This serviceAccount with be given the operator's RBAC rules. |
 | resources.limits | map[string]string |  | Provide Resource limits for the Solr Operator container |
 | resources.requests | map[string]string |  | Provide Resource requests for the Solr Operator container |
-| securityContext | object | `allowPrivilegeEscalation: false, runAsNonRoot: true` | Provide security context for the Solr Operator container |
+| securityContext | object | `allowPrivilegeEscalation: false, runAsNonRoot: true` | Provide a security context for the Solr Operator container |
+| podSecurityContext | object | | Provide a security context for the Solr Operator pod |
 | labels | map[string]string |  | Custom labels to add to the Solr Operator pod |
 | annotations | map[string]string |  | Custom annotations to add to the Solr Operator pod |
 | nodeSelector | map[string]string |  | Add a node selector for the Solr Operator pod, to specify where it can be scheduled |
diff --git a/helm/solr-operator/templates/deployment.yaml b/helm/solr-operator/templates/deployment.yaml
@@ -134,7 +134,10 @@ spec:
       volumes:
         {{- include "solr-operator.mTLS.volumes" . | nindent 8 }}
       {{- end }}
-
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
       {{- if .Values.sidecarContainers }}
       {{ toYaml .Values.sidecarContainers | nindent 6 }}
       {{- end }}
diff --git a/helm/solr-operator/values.yaml b/helm/solr-operator/values.yaml
@@ -84,6 +84,7 @@ securityContext:
 envVars: []
 labels: {}
 annotations: {}
+podSecurityContext: {}
 nodeSelector: {}
 affinity: {}
 tolerations: []
