From 4750045e1786c2dad690bca226d17f527d7c2f4d Mon Sep 17 00:00:00 2001
From: Piyush Darshan <piyush.darshan@nielsen.com>
Date: Mon, 2 Feb 2026 02:22:44 +0530
Subject: [PATCH] allow securityContext configuration on kube-rbac-proxy
 container

- Add securityContext option under kube_rbac_proxy in values.yaml
- Replace hardcoded securityContext with template reference in deployment.yaml

Fixes #238
---
 chart/templates/deployment.yaml | 5 +----
 chart/values.yaml               | 5 +++++
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
index 6bb2e251..56d4e330 100644
--- a/chart/templates/deployment.yaml
+++ b/chart/templates/deployment.yaml
@@ -66,10 +66,7 @@ spec:
               cpu: 5m
               memory: 64Mi
           securityContext:
-            allowPrivilegeEscalation: false
-            capabilities:
-              drop:
-                - ALL
+            {{- toYaml .Values.kube_rbac_proxy.securityContext | nindent 12 }}
         - args:
             - --health-probe-bind-address=:8081
             - --metrics-bind-address=127.0.0.1:8080
diff --git a/chart/values.yaml b/chart/values.yaml
index 72792c88..31e8c8fa 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -24,6 +24,11 @@ kube_rbac_proxy:
     repository: gcr.io/kubebuilder/kube-rbac-proxy
     pullPolicy: IfNotPresent
     tag: "v0.13.1"
+  securityContext:
+    allowPrivilegeEscalation: false
+    capabilities:
+      drop:
+        - ALL
 
 imagePullSecrets: []
 nameOverride: ""