inveniosoftware · egabancho · Aug 6, 2025 · Jul 8, 2025
diff --git a/charts/invenio/templates/flower/deployment.yaml b/charts/invenio/templates/flower/deployment.yaml
@@ -73,14 +73,10 @@ spec:
               mountPath: /var/celery
             - name: flower-config-volume
               mountPath: /var/flower
-      {{- if .Values.invenio.podSecurityContext.enabled }}
       securityContext:
-        runAsNonRoot: true
-        runAsUser: 1000
-        runAsGroup: 1000
-        seccompProfile:
-          type: "RuntimeDefault"
-      {{- end }}
+        {{- with .Values.flower.securityContext }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
       {{- with .Values.flower.nodeSelector }}
       nodeSelector:
         {{- tpl (toYaml .) $ | nindent 8 -}}

diff --git a/charts/invenio/values.yaml b/charts/invenio/values.yaml
@@ -136,8 +136,6 @@ invenio:
     ## @param invenio.datacite.secret_name DEPRECATED: use invenio.datacite.existingSecret instead
     ##
     secret_name: ""
-  podSecurityContext:
-    enabled: true
   remote_apps:
     enabled: false
     existing_secret: false
@@ -779,6 +777,14 @@ flower:
     #     name: foo
     # - configMapRef:
     #     name: bar
+  ## @param flower.podSecurityContext securityContext for the flower pod
+  ##
+  podSecurityContext:
+    runAsNonRoot: true
+    runAsUser: 1000
+    runAsGroup: 1000
+    seccompProfile:
+      type: "RuntimeDefault"
   ## @param flower.nodeSelector Node labels for flower pods assignment
   ## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
   ##