adding security context

Mateusz · Mateusz · commit 8705505ef930 · 2026-02-02T13:35:20.000+01:00
diff --git a/charts/netdata/README.md b/charts/netdata/README.md
@@ -984,6 +984,33 @@ false
 </td>
 			<td>Additional init containers to add to the parent pods</td>
 		</tr>
+		<tr>
+			<td>netdataOpentelemetry.securityContext.runAsUser</td>
+			<td>int</td>
+			<td><pre lang="json">
+201
+</pre>
+</td>
+			<td>The UID to run the container process</td>
+		</tr>
+		<tr>
+			<td>netdataOpentelemetry.securityContext.runAsGroup</td>
+			<td>int</td>
+			<td><pre lang="json">
+201
+</pre>
+</td>
+			<td>The GID to run the container process</td>
+		</tr>
+		<tr>
+			<td>netdataOpentelemetry.securityContext.fsGroup</td>
+			<td>int</td>
+			<td><pre lang="json">
+201
+</pre>
+</td>
+			<td>The supplementary group for setting permissions on volumes</td>
+		</tr>
 	</tbody>
 </table>
 <h3>Child</h3>
diff --git a/charts/netdata/templates/netdata-otel/deployment.yaml b/charts/netdata/templates/netdata-otel/deployment.yaml
@@ -37,6 +37,8 @@ spec:
 {{ toYaml . | trim | indent 8 }}
 {{- end }}
     spec:
+      securityContext:
+          fsGroup: {{ .Values.netdataOpentelemetry.securityContext.fsGroup }}
       serviceAccountName: {{ .Values.serviceAccount.name }}
       restartPolicy: Always
       {{- if .Values.netdataOpentelemetry.priorityClassName }}
@@ -122,6 +124,9 @@ spec:
             periodSeconds: {{ .Values.netdataOpentelemetry.readinessProbe.periodSeconds }}
             successThreshold: {{ .Values.netdataOpentelemetry.readinessProbe.successThreshold }}
             timeoutSeconds: {{ .Values.netdataOpentelemetry.readinessProbe.timeoutSeconds }}
+          securityContext:
+            runAsUser: {{ .Values.netdataOpentelemetry.securityContext.runAsUser }}
+            runAsGroup: {{ .Values.netdataOpentelemetry.securityContext.runAsGroup }}
           volumeMounts:
             - name: os-release
               mountPath: /host/etc/os-release
diff --git a/charts/netdata/values.yaml b/charts/netdata/values.yaml
@@ -930,6 +930,17 @@ netdataOpentelemetry:
     # @section -- Netdata OpenTelemetry
     timeoutSeconds: 1
 
+  securityContext:
+    # -- The UID to run the container process
+    # @section -- Parent
+    runAsUser: 201
+    # -- The GID to run the container process
+    # @section -- Parent
+    runAsGroup: 201
+    # -- The supplementary group for setting permissions on volumes
+    # @section -- Parent
+    fsGroup: 201
+
   # -- Duration in seconds the pod needs to terminate gracefully
   # @section -- Netdata OpenTelemetry
   terminationGracePeriodSeconds: 30
