From 4aceb54bbf6eb2acfc6fff404178f7359284fc2a Mon Sep 17 00:00:00 2001
From: Nicolas <nicolas@mathmast.com>
Date: Tue, 2 Sep 2025 18:02:27 +0800
Subject: [PATCH] add securityContext in magicleaps

---
 .../helm-pkg/magicleaps/templates/backend/deployment.yaml   | 4 ++++
 magicleaps/helm-pkg/magicleaps/values.alpha.yaml            | 6 ++++++
 magicleaps/helm-pkg/magicleaps/values.prod.yaml             | 6 ++++++
 magicleaps/helm-pkg/magicleaps/values.yaml                  | 6 ++++++
 4 files changed, 22 insertions(+)

diff --git a/magicleaps/helm-pkg/magicleaps/templates/backend/deployment.yaml b/magicleaps/helm-pkg/magicleaps/templates/backend/deployment.yaml
index b9da6082..a3734fb9 100644
--- a/magicleaps/helm-pkg/magicleaps/templates/backend/deployment.yaml
+++ b/magicleaps/helm-pkg/magicleaps/templates/backend/deployment.yaml
@@ -28,6 +28,10 @@ spec:
         - name: "backend"
           image: "{{ coalesce .Values.backend.image.registry .Values.global.registry "docker.io"}}/{{ coalesce .Values.backend.image.repository .Values.global.repository }}/{{ .Values.backend.image.name }}:{{ .Values.backend.image.tag | default "latest" }}"
           imagePullPolicy: {{ .Values.backend.image.imagePullPolicy | default "IfNotPresent" }}
+          {{- if .Values.backend.securityContext }}
+          securityContext:
+            {{- toYaml .Values.backend.securityContext | nindent 12 }}
+          {{- end }}
           ports:
             {{- range $port := .Values.backend.ports }}
             - containerPort: {{ $port.containerPort }}
diff --git a/magicleaps/helm-pkg/magicleaps/values.alpha.yaml b/magicleaps/helm-pkg/magicleaps/values.alpha.yaml
index 56521d05..e8f56c2b 100644
--- a/magicleaps/helm-pkg/magicleaps/values.alpha.yaml
+++ b/magicleaps/helm-pkg/magicleaps/values.alpha.yaml
@@ -72,6 +72,12 @@ backend:
     name: magicleaps-backend
     tag: snapshot-004a6c7
     imagePullPolicy: IfNotPresent
+  securityContext:
+    privileged: true
+    runAsUser: 0
+    runAsGroup: 0
+    allowPrivilegeEscalation: true
+    readOnlyRootFilesystem: false
   ports:
   - name: http
     containerPort: 8081
diff --git a/magicleaps/helm-pkg/magicleaps/values.prod.yaml b/magicleaps/helm-pkg/magicleaps/values.prod.yaml
index d34b16a9..20cff875 100644
--- a/magicleaps/helm-pkg/magicleaps/values.prod.yaml
+++ b/magicleaps/helm-pkg/magicleaps/values.prod.yaml
@@ -72,6 +72,12 @@ backend:
     name: magicleaps-backend
     tag: 1.0.0
     imagePullPolicy: IfNotPresent
+  securityContext:
+    privileged: true
+    runAsUser: 0
+    runAsGroup: 0
+    allowPrivilegeEscalation: true
+    readOnlyRootFilesystem: false
   ports:
   - name: http
     containerPort: 8081
diff --git a/magicleaps/helm-pkg/magicleaps/values.yaml b/magicleaps/helm-pkg/magicleaps/values.yaml
index 8c3a8f1d..fc5a4b91 100644
--- a/magicleaps/helm-pkg/magicleaps/values.yaml
+++ b/magicleaps/helm-pkg/magicleaps/values.yaml
@@ -73,6 +73,12 @@ backend:
     name: magicleaps-backend
     tag: 1.0.0
     imagePullPolicy: IfNotPresent
+  securityContext:
+    privileged: true
+    runAsUser: 0
+    runAsGroup: 0
+    allowPrivilegeEscalation: true
+    readOnlyRootFilesystem: false
   ports:
     - name: http
       containerPort: 8081