Add option to define pod level SecurityContext

blakeblackshear · billimek · Mar 1, 2025 · Feb 11, 2025 · Feb 28, 2025 · Feb 28, 2025
commit d19c2dcf67ae03b1df89430453af72560ee7b443
diff --git a/charts/frigate/templates/deployment.yaml b/charts/frigate/templates/deployment.yaml
@@ -33,6 +33,10 @@ spec:
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
     {{- end }}
+    {{- if .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+    {{- end }}
     {{- if or .Values.extraInitContainers (and .Values.persistence.config.enabled .Values.persistence.config.ephemeralWritableConfigYaml) }}
       initContainers:
       {{- with .Values.extraInitContainers }}

diff --git a/charts/frigate/values.yaml b/charts/frigate/values.yaml
@@ -252,7 +252,7 @@ resources: {}
   #   memory: 128Mi
   #   gpu.intel.com/i915: 1
 
-# -- Set Security Context
+# -- Set Frigate Container Security Context
 securityContext: {}
   # capabilities:
   #   drop:
@@ -262,6 +262,19 @@ securityContext: {}
   # runAsUser: 1000
   # privileged: true
 
+# -- Set Pod level Security Context
+# -- the container level securiy context defined above
+# -- will override it for frigate container
+podSecurityContext: {}
+  # capabilities:
+  #   drop:
+  #   - ALL
+  # readOnlyRootFilesystem: true
+  # runAsNonRoot: true
+  # runAsUser: 1000
+  # fsGroup: 1000
+  # privileged: true
+
 # -- Node Selector configuration
 nodeSelector: {}