feat(#727): add container and pod security context configuration via values

Fuochi · Fuochi · commit 1d03987a8991 · 2025-11-16T22:11:59.000+01:00
diff --git a/charts/cluster/templates/cluster.yaml b/charts/cluster/templates/cluster.yaml
@@ -115,6 +115,16 @@ spec:
     {{- toYaml . | nindent 4 }}
   {{- end }}
 
+  {{- with .Values.cluster.podSecurityContext }}
+  podSecurityContext:
+    {{- toYaml . | nindent 4 }}
+  {{ end }}
+
+  {{- with .Values.cluster.securityContext }}
+  securityContext:
+    {{- toYaml . | nindent 4 }}
+  {{ end }}
+
   monitoring:
     enablePodMonitor: {{ and .Values.cluster.monitoring.enabled .Values.cluster.monitoring.podMonitor.enabled }}
     disableDefaultQueries: {{ .Values.cluster.monitoring.disableDefaultQueries }}
diff --git a/charts/cluster/values.yaml b/charts/cluster/values.yaml
@@ -391,6 +391,14 @@ cluster:
   # -- Configure the metadata of the generated service account
   serviceAccountTemplate: {}
 
+  # -- Configure the Pod Security Context.
+  # See: https://cloudnative-pg.io/documentation/preview/security/
+  podSecurityContext: {}
+
+  # -- Configure Container Security Context.
+  # See: https://cloudnative-pg.io/documentation/preview/security/
+  securityContext: {}
+
   additionalLabels: {}
   annotations: {}
 
