feat(security): Add securityContext and volumeMounts to the container configuration, add volumes to the deployment configuration (#2113)

* feat(security): Add securityContext and volumeMounts to the container configuration, add volumes to the deployment configuration

Signed-off-by: Anatolii Bazko <abazko@redhat.com>
Signed-off-by: Piotr Karatkevich <Piotr_Karatkevich@epam.com>
Co-authored-by: Anatolii Bazko <abazko@redhat.com>

Author: karatkep

api/v2/checluster_types.go

@@ -763,6 +763,10 @@ type Deployment struct {
 	// The pod tolerations of the component pod limit where the pod can run.
 	// +optional
 	Tolerations []corev1.Toleration `json:"tolerations,omitempty"`
+	// List of volumes that can be mounted by containers belonging to the pod.
+	// Entries are merged by volume name (same semantics as container volumeMounts); unknown names are appended, matching names replace the default volume definition.
+	// +optional
+	Volumes []corev1.Volume `json:"volumes,omitempty"`
 }
 
 // Container custom settings.
@@ -783,6 +787,12 @@ type Container struct {
 	// List of environment variables to set in the container.
 	// +optional
 	Env []corev1.EnvVar `json:"env,omitempty"`
+	// Security options the container should run with. When set, fields are merged into the container security context (same semantics as resources).
+	// +optional
+	SecurityContext *corev1.SecurityContext `json:"securityContext,omitempty"`
+	// Pod volumes to mount into the container's filesystem. Entries are merged by volume mount name (same semantics as env).
+	// +optional
+	VolumeMounts []corev1.VolumeMount `json:"volumeMounts,omitempty"`
 }
 
 // Describes the compute resource requirements.

api/v2/zz_generated.deepcopy.go

@@ -86,7 +86,7 @@ metadata:
     categories: Developer Tools
     certified: "false"
     containerImage: quay.io/eclipse/che-operator:next
-    createdAt: "2026-04-02T11:48:45Z"
+    createdAt: "2026-04-07T15:15:43Z"
     description: A Kube-native development solution that delivers portable and collaborative
       developer workspaces.
     features.operators.openshift.io/cnf: "false"
@@ -108,7 +108,7 @@ metadata:
     operatorframework.io/arch.amd64: supported
     operatorframework.io/arch.arm64: supported
     operatorframework.io/os.linux: supported
-  name: eclipse-che.v7.117.0-958.next
+  name: eclipse-che.v7.117.0-970.next
   namespace: placeholder
 spec:
   apiservicedefinitions: {}
@@ -1144,7 +1144,7 @@ spec:
       name: gateway-authorization-sidecar-k8s
     - image: quay.io/che-incubator/header-rewrite-proxy:latest
       name: gateway-header-sidecar
-  version: 7.117.0-958.next
+  version: 7.117.0-970.next
   webhookdefinitions:
     - admissionReviewVersions:
         - v1