From 775379234e8df0528e840df20c8a2f63229c7ff3 Mon Sep 17 00:00:00 2001 From: Tobias Eriksson Date: Tue, 9 Dec 2025 11:24:32 +0100 Subject: [PATCH 1/2] Add the following configuration options to gitlab.podSecurityContextRoot: privileged, allowPrivilegeEscalation, runAsNonRoot --- templates/_helpers.tpl | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 219a8c19d1..d7e70ca9b9 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -314,7 +314,7 @@ Defaults to nil {{/* Return the registry database username -Checks both main chart context (.Values.registry.database.user) and +Checks both main chart context (.Values.registry.database.user) and subchart context (.Values.database.user) for maximum compatibility. Priority: local > global > default ("registry") */}} @@ -330,7 +330,7 @@ Priority: local > global > default ("registry") {{/* Return the registry database name -Checks both main chart context (.Values.registry.database.name) and +Checks both main chart context (.Values.registry.database.name) and subchart context (.Values.database.name) for maximum compatibility. Priority: local > global > default ("registry") */}} @@ -633,6 +633,15 @@ securityContext: {{- if not (eq $psc.fsGroup nil) }} fsGroup: {{ $psc.fsGroup }} {{- end }} +{{- if not (eq $psc.privileged nil) }} + privileged: {{ $psc.privileged }} +{{- end }} +{{- if not (eq $psc.allowPrivilegeEscalation nil) }} + allowPrivilegeEscalation: {{ $psc.allowPrivilegeEscalation }} +{{- end }} +{{- if not (eq $psc.runAsNonRoot nil) }} + runAsNonRoot: {{ $psc.runAsNonRoot }} +{{- end }} {{- if not (eq $psc.fsGroupChangePolicy nil) }} fsGroupChangePolicy: {{ $psc.fsGroupChangePolicy }} {{- end }} -- GitLab From 11600f6f5da2031f2c122539d03927f57979d3c1 Mon Sep 17 00:00:00 2001 
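Review bot: `privileged` and `allowPrivilegeEscalation`, added in the `@@ -633,6 +633,15 @@` hunk, are fields of the container-level SecurityContext, not of PodSecurityContext, so they are not valid under the pod-level `securityContext:` this helper renders. Depending on how manifest validation is configured, the rendered pod spec is either rejected as containing unknown fields or the keys are dropped. In the second case an operator who sets `allowPrivilegeEscalation: false` in values gets no enforcement while the values file suggests otherwise. I would keep only the `runAsNonRoot` block here and render the other two from a container-scoped helper, under each container's own `securityContext`. It is also worth stating in the helper comment that `runAsNonRoot: true` combined with a root `runAsUser` prevents the container from starting. The helper's beginning and its call sites are outside this hunk, so the pod-level placement is inferred from the helper name and the "PodSecurityContext" wording in the template comment.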
From: Tobias Eriksson Date: Tue, 9 Dec 2025 11:43:05 +0100 Subject: [PATCH 2/2] Add comment. --- templates/_helpers.tpl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index d7e70ca9b9..2f48492de9 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -616,7 +616,7 @@ securityContext: {{/* Return a PodSecurityContext definition that allows to it to run as root. - +2025-12-09: Support for additional properties Usage: {{ include "gitlab.podSecurityContextRoot" .Values.securityContext }} */}} -- GitLab
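Review bot: The added comment line `2025-12-09: Support for additional properties` does not say which properties the helper accepts, and the date repeats what the commit history already records. A line naming the optional keys the helper actually renders would be more useful to someone editing values, for example `Optional keys are emitted only when set (non-nil): fsGroup, fsGroupChangePolicy, runAsNonRoot, ...`. The list should be completed from the full helper body, which is not visible in this hunk.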