adding security context

Mateusz · Mateusz · commit abfbb327137e · 2026-02-02T13:34:23.000+01:00
diff --git a/charts/netdata/templates/netdata-otel/deployment.yaml b/charts/netdata/templates/netdata-otel/deployment.yaml
@@ -37,6 +37,8 @@ spec:
 {{ toYaml . | trim | indent 8 }}
 {{- end }}
     spec:
+      securityContext:
+          fsGroup: {{ .Values.netdataOpentelemetry.securityContext.fsGroup }}
       serviceAccountName: {{ .Values.serviceAccount.name }}
       restartPolicy: Always
       {{- if .Values.netdataOpentelemetry.priorityClassName }}
@@ -122,6 +124,9 @@ spec:
             periodSeconds: {{ .Values.netdataOpentelemetry.readinessProbe.periodSeconds }}
             successThreshold: {{ .Values.netdataOpentelemetry.readinessProbe.successThreshold }}
             timeoutSeconds: {{ .Values.netdataOpentelemetry.readinessProbe.timeoutSeconds }}
+          securityContext:
+            runAsUser: {{ .Values.netdataOpentelemetry.securityContext.runAsUser }}
+            runAsGroup: {{ .Values.netdataOpentelemetry.securityContext.runAsGroup }}
           volumeMounts:
             - name: os-release
               mountPath: /host/etc/os-release
diff --git a/charts/netdata/values.yaml b/charts/netdata/values.yaml
@@ -930,6 +930,17 @@ netdataOpentelemetry:
     # @section -- Netdata OpenTelemetry
     timeoutSeconds: 1
 
+  securityContext:
+    # -- The UID to run the container process
+    # @section -- Parent
+    runAsUser: 201
+    # -- The GID to run the container process
+    # @section -- Parent
+    runAsGroup: 201
+    # -- The supplementary group for setting permissions on volumes
+    # @section -- Parent
+    fsGroup: 201
+
   # -- Duration in seconds the pod needs to terminate gracefully
   # @section -- Netdata OpenTelemetry
   terminationGracePeriodSeconds: 30
