feat: support setting pod security context for controller manager #1286

Closed
niklastreml wants to merge 1 commit into mondoohq:main from niklastreml:main

@niklastreml

Changes

This pull request updates how security contexts are configured for the controller manager in the mondoo-operator Helm chart.

Security context configuration improvements:

  • The deployment.yaml template now sets the pod-level securityContext using the new .Values.controllerManager.manager.podSecurityContext value, instead of hardcoding runAsNonRoot: true. This allows for easier customization and consistency across deployments.
  • The values.yaml file introduces a new podSecurityContext section under controllerManager.manager, with runAsNonRoot: true as the default, enabling users to override pod-level security settings as needed.

We need this feature to be able to roll out mondoo in our environment, which has quite restrictive policies that require setting more things in the pod security context.

Signed-off-by: Niklas Treml <treml.niklas@gmail.com>
@github-actions
Contributor

github-actions Bot commented Dec 3, 2025

All contributors have signed the CLA ✍️ ✅
Posted by the CLA Assistant Lite bot.

@philipbalinov
Contributor

LGTM, thank you @niklastreml - can you please accept the Mondoo CLA so we can unblock merge

@github-actions
Contributor

github-actions Bot commented Dec 3, 2025

Test Results

0 tests  ±0   0 ✅ ±0   0s ⏱️ ±0s
0 suites ±0   0 💤 ±0 
0 files   ±0   0 ❌ ±0 

Results for commit 962c637. ± Comparison against base commit 638d2e1.

@niklastreml
Author

I have read the Mondoo CLA Document and I hereby sign the CLA

@niklastreml
Author

recheck

@philipbalinov
Contributor

recheck

@imilchev
Member

imilchev commented Dec 12, 2025

We cannot merge this change. We use helmify to generate the helm chart. If we merge your change and re-run helmify, the change will be lost again. I already noticed that a newer version of helmify supports exposing the securityContext in the helm chart values. I need more time to test this though and make sure that it doesn't break anything else.
I will try to have a solution for you some time next week

@imilchev
Member

@niklastreml I believe your request should be covered by the changes I introduced in #1317. The plan is to do a new mondoo-operator release later today or tomorrow, which should include the change. I will close this PR for now but in case your issue is not resolved with our new release, feel free to open an issue

@imilchev imilchev closed this Dec 15, 2025
@github-actions github-actions Bot locked and limited conversation to collaborators Dec 15, 2025