From f28d688871461f8b5a7330adf29bb80cb7c15501 Mon Sep 17 00:00:00 2001 From: alexandergott-afk Date: Wed, 13 May 2026 14:22:30 +0200 Subject: [PATCH 1/4] Update values.yaml --- helm/mysql-operator/values.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/helm/mysql-operator/values.yaml b/helm/mysql-operator/values.yaml index 243b70ce..f0827d15 100644 --- a/helm/mysql-operator/values.yaml +++ b/helm/mysql-operator/values.yaml @@ -17,6 +17,25 @@ envs: replicas: 1 +# Pod-level security context +podSecurityContext: + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + +# Container-level security context +containerSecurityContext: + capabilities: + drop: + - ALL + runAsUser: 2 + allowPrivilegeEscalation: false + privileged: false + readOnlyRootFilesystem: true + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault + #deployment: #name: mysql-operator ## deployment.name is part of the operator's persistent identity. From cc5cf50cdc956028ea5b1a7ea9346aeab688982a Mon Sep 17 00:00:00 2001 From: alexandergott-afk Date: Wed, 13 May 2026 14:39:12 +0200 Subject: [PATCH 2/4] Update values.yaml --- helm/mysql-operator/values.yaml | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/helm/mysql-operator/values.yaml b/helm/mysql-operator/values.yaml index f0827d15..52cedb7c 100644 --- a/helm/mysql-operator/values.yaml +++ b/helm/mysql-operator/values.yaml @@ -17,17 +17,20 @@ envs: replicas: 1 -# Pod-level security context + +# Pod-level security context for the mysql-operator Pod. +# Required for Kubernetes restricted Pod Security Standard. podSecurityContext: runAsNonRoot: true seccompProfile: type: RuntimeDefault -# Container-level security context +# Container-level security context for the mysql-operator container. +# Required for Kubernetes restricted Pod Security Standard. containerSecurityContext: capabilities: drop: - - ALL + - ALL runAsUser: 2 allowPrivilegeEscalation: false privileged: false 
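Review bot: In the added `containerSecurityContext` block of PATCH 1/4, `runAsNonRoot: true` and `seccompProfile.type: RuntimeDefault` repeat what `podSecurityContext` already sets. Kubernetes gives container-level fields precedence over pod-level ones. Someone who later changes only `podSecurityContext.seccompProfile`, for example to a Localhost profile, would see no effect on the operator container. Either drop the duplicated keys from the container block or add a comment above it such as `# Container-level fields override podSecurityContext; change both when adjusting seccompProfile or runAsNonRoot.`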
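Review bot: The comment `# Required for Kubernetes restricted Pod Security Standard.` added above `containerSecurityContext` in PATCH 2/4 overstates what the restricted profile mandates. `readOnlyRootFilesystem: true` and the specific `runAsUser: 2` are extra hardening rather than profile requirements, and `privileged: false` only restates the default. A reader may conclude that every key is needed for admission, or that admission is the only reason to keep them. Wording such as `# Satisfies the restricted Pod Security Standard; readOnlyRootFilesystem and runAsUser are additional hardening and should stay set.` separates the two.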
From f037ebababdaf74d82ffa3e8817565bf68cc0635 Mon Sep 17 00:00:00 2001 From: alexandergott-afk Date: Wed, 13 May 2026 14:43:33 +0200 Subject: [PATCH 3/4] Update deployment.yaml --- helm/mysql-operator/templates/deployment.yaml | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) diff --git a/helm/mysql-operator/templates/deployment.yaml b/helm/mysql-operator/templates/deployment.yaml index ed71f83e..3906be81 100644 --- a/helm/mysql-operator/templates/deployment.yaml +++ b/helm/mysql-operator/templates/deployment.yaml @@ -39,8 +39,10 @@ spec: labels: {{- include "mysql-operator.deployment.podLabels" . | nindent 8 }} spec: + {{- with .Values.podSecurityContext }} securityContext: - runAsNonRoot: true +{{- toYaml . | nindent 8 }} + {{- end }} {{- if .Values.image.pullSecrets.enabled }} imagePullSecrets: - name: {{ .Values.image.pullSecrets.secretName }} @@ -120,15 +122,10 @@ spec: resources: {{- toYaml . | nindent 12 }} {{- end }} + {{- with .Values.containerSecurityContext }} securityContext: - capabilities: - drop: - - ALL - runAsUser: 2 - allowPrivilegeEscalation: false - privileged: false - readOnlyRootFilesystem: true - runAsNonRoot: true +{{- toYaml . | nindent 12 }} + {{- end }} volumes: - name: mysqlsh-home emptyDir: {} From d1059658a39e734c793f0f8a210fb26bf4941251 Mon Sep 17 00:00:00 2001 From: alexandergott-afk Date: Wed, 13 May 2026 14:46:36 +0200 Subject: [PATCH 4/4] Update values.yaml --- helm/mysql-operator/values.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/helm/mysql-operator/values.yaml b/helm/mysql-operator/values.yaml index 52cedb7c..a54e9785 100644 --- a/helm/mysql-operator/values.yaml +++ b/helm/mysql-operator/values.yaml @@ -17,7 +17,6 @@ envs: replicas: 1 - # Pod-level security context for the mysql-operator Pod. # Required for Kubernetes restricted Pod Security Standard. podSecurityContext:
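Review bot: Both `securityContext:` blocks in PATCH 3/4 are now rendered only inside `{{- with .Values.podSecurityContext }}` and `{{- with .Values.containerSecurityContext }}`, so the hardening that the removed lines hard-coded (`runAsNonRoot`, `drop: - ALL`, `allowPrivilegeEscalation: false`, `readOnlyRootFilesystem: true`) becomes optional. A values override that sets either key to `null` should omit the block entirely, and an override of a single key such as `privileged` is passed straight through by `toYaml`. This applies to the pod-level hunk and the container-level hunk alike, and the surrounding `spec:` continues outside both. The values file should say so next to each key, for example `# Setting this to null removes the securityContext from the Deployment; weakening any field lowers the operator's isolation.` Installations that need the guarantee should not rely on chart defaults alone and can enforce it at admission with the namespace label `pod-security.kubernetes.io/enforce: restricted`.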