expose securityContext

charts/descheduler/templates/cronjob.yaml

@@ -81,13 +81,7 @@ spec:
               resources:
                 {{- toYaml .Values.resources | nindent 16 }}
               securityContext:
-                allowPrivilegeEscalation: false
-                capabilities:
-                  drop:
-                    - ALL
-                privileged: false
-                readOnlyRootFilesystem: true
-                runAsNonRoot: true
+                {{- toYaml .Values.securityContext | nindent 16 }}
               volumeMounts:
                 - mountPath: /policy-dir
                   name: policy-volume

charts/descheduler/templates/deployment.yaml

@@ -65,13 +65,7 @@ spec:
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
           securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-                - ALL
-            privileged: false
-            readOnlyRootFilesystem: true
-            runAsNonRoot: true
+            {{- toYaml .Values.securityContext | nindent 12 }}
           volumeMounts:
             - mountPath: /policy-dir
               name: policy-volume

charts/descheduler/values.yaml

@@ -22,6 +22,16 @@ resources:
   #   cpu: 100m
   #   memory: 128Mi
 
+securityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - ALL
+  privileged: false
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 1000
+
 nameOverride: ""
 fullnameOverride: ""