feat: add securityContext for exporter, initcontainers and sidecars

api/v1beta2/common_types.go

@@ -60,6 +60,7 @@ type ClusterStorage struct {
 // RedisExporter interface will have the information for redis exporter related stuff
 type RedisExporter struct {
 	common.RedisExporter `json:",inline"`
+	SecurityContext      *corev1.SecurityContext `json:"securityContext,omitempty"`
 }
 
 // TLS Configuration for redis instances
@@ -73,10 +74,11 @@ type ACLConfig struct {
 
 // Sidecar for each Redis pods
 type Sidecar struct {
-	common.Sidecar `json:",inline"`
-	Volumes        *[]corev1.VolumeMount   `json:"mountPath,omitempty"`
-	Command        []string                `json:"command,omitempty" protobuf:"bytes,3,rep,name=command"`
-	Ports          *[]corev1.ContainerPort `json:"ports,omitempty" patchStrategy:"merge" patchMergeKey:"containerPort" protobuf:"bytes,6,rep,name=ports"`
+	common.Sidecar  `json:",inline"`
+	Volumes         *[]corev1.VolumeMount   `json:"mountPath,omitempty"`
+	Command         []string                `json:"command,omitempty" protobuf:"bytes,3,rep,name=command"`
+	Ports           *[]corev1.ContainerPort `json:"ports,omitempty" patchStrategy:"merge" patchMergeKey:"containerPort" protobuf:"bytes,6,rep,name=ports"`
+	SecurityContext *corev1.SecurityContext `json:"securityContext,omitempty"`
 }
 
 // InitContainer for each Redis pods
@@ -88,4 +90,5 @@ type InitContainer struct {
 	EnvVars         *[]corev1.EnvVar             `json:"env,omitempty"`
 	Command         []string                     `json:"command,omitempty"`
 	Args            []string                     `json:"args,omitempty"`
+	SecurityContext *corev1.SecurityContext      `json:"securityContext,omitempty"`
 }

docs/content/en/docs/CRD Reference/Redis API/_index.md

@@ -253,6 +253,7 @@ _Appears in:_
 | `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ |  |
 | `imagePullPolicy` _[ImagePullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy)_ |  |
 | `env` _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#envvar-v1-core)_ |  |
+| `securityContext` _[PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#podsecuritycontext-v1-core)_ |  |
 
 #### RedisFollower
 
@@ -323,6 +324,7 @@ _Appears in:_
 | `imagePullPolicy` _[ImagePullPolicy](https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy)_ |  |
 | `resources` _[ResourceRequirements](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#resourcerequirements-v1-core)_ |  |
 | `env` _[EnvVar](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#envvar-v1-core)_ |  |
+| `securityContext` _[PodSecurityContext](https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.30/#podsecuritycontext-v1-core)_ |  |
 
 #### Storage
 

k8sutils/redis-cluster.go

@@ -84,6 +84,7 @@ func generateRedisClusterInitContainerParams(cr *redisv1beta2.RedisCluster) init
 			AdditionalEnvVariable: initContainer.EnvVars,
 			Command:               initContainer.Command,
 			Arguments:             initContainer.Args,
+			SecurityContext:       initContainer.SecurityContext,
 		}
 
 		if cr.Spec.Storage != nil {
@@ -171,6 +172,7 @@ func generateRedisClusterContainerParams(cl kubernetes.Interface, logger logr.Lo
 	if cr.Spec.RedisExporter != nil {
 		containerProp.RedisExporterImage = cr.Spec.RedisExporter.Image
 		containerProp.RedisExporterImagePullPolicy = cr.Spec.RedisExporter.ImagePullPolicy
+		containerProp.RedisExporterSecurityContext = cr.Spec.RedisExporter.SecurityContext
 
 		if cr.Spec.RedisExporter.Resources != nil {
 			containerProp.RedisExporterResources = cr.Spec.RedisExporter.Resources

k8sutils/redis-replication.go

@@ -145,6 +145,7 @@ func generateRedisReplicationContainerParams(cr *redisv1beta2.RedisReplication)
 	if cr.Spec.RedisExporter != nil {
 		containerProp.RedisExporterImage = cr.Spec.RedisExporter.Image
 		containerProp.RedisExporterImagePullPolicy = cr.Spec.RedisExporter.ImagePullPolicy
+		containerProp.RedisExporterSecurityContext = cr.Spec.RedisExporter.SecurityContext
 
 		if cr.Spec.RedisExporter.Resources != nil {
 			containerProp.RedisExporterResources = cr.Spec.RedisExporter.Resources
@@ -188,6 +189,7 @@ func generateRedisReplicationInitContainerParams(cr *redisv1beta2.RedisReplicati
 			AdditionalEnvVariable: initContainer.EnvVars,
 			Command:               initContainer.Command,
 			Arguments:             initContainer.Args,
+			SecurityContext:       initContainer.SecurityContext,
 		}
 
 		if cr.Spec.Storage != nil {

k8sutils/redis-sentinel.go

@@ -132,6 +132,7 @@ func generateRedisSentinelInitContainerParams(cr *redisv1beta2.RedisSentinel) in
 			AdditionalEnvVariable: initContainer.EnvVars,
 			Command:               initContainer.Command,
 			Arguments:             initContainer.Args,
+			SecurityContext:       initContainer.SecurityContext,
 		}
 	}
 	return initcontainerProp
@@ -162,6 +163,7 @@ func generateRedisSentinelContainerParams(ctx context.Context, client kubernetes
 	if cr.Spec.RedisExporter != nil {
 		containerProp.RedisExporterImage = cr.Spec.RedisExporter.Image
 		containerProp.RedisExporterImagePullPolicy = cr.Spec.RedisExporter.ImagePullPolicy
+		containerProp.RedisExporterSecurityContext = cr.Spec.RedisExporter.SecurityContext
 
 		if cr.Spec.RedisExporter.Resources != nil {
 			containerProp.RedisExporterResources = cr.Spec.RedisExporter.Resources

k8sutils/redis-standalone.go

@@ -150,6 +150,7 @@ func generateRedisStandaloneContainerParams(cr *redisv1beta2.Redis) containerPar
 		if cr.Spec.RedisExporter.EnvVars != nil {
 			containerProp.RedisExporterEnv = cr.Spec.RedisExporter.EnvVars
 		}
+		containerProp.RedisExporterSecurityContext = cr.Spec.RedisExporter.SecurityContext
 	}
 	if cr.Spec.ReadinessProbe != nil {
 		containerProp.ReadinessProbe = cr.Spec.ReadinessProbe
@@ -186,6 +187,7 @@ func generateRedisStandaloneInitContainerParams(cr *redisv1beta2.Redis) initCont
 			AdditionalEnvVariable: initContainer.EnvVars,
 			Command:               initContainer.Command,
 			Arguments:             initContainer.Args,
+			SecurityContext:       initContainer.SecurityContext,
 		}
 
 		if cr.Spec.Storage != nil {

k8sutils/statefulset.go

@@ -117,6 +117,7 @@ type containerParameters struct {
 	RedisExporterResources       *corev1.ResourceRequirements
 	RedisExporterEnv             *[]corev1.EnvVar
 	RedisExporterPort            *int
+	RedisExporterSecurityContext *corev1.SecurityContext
 	Role                         string
 	EnabledPassword              *bool
 	SecretName                   *string
@@ -145,6 +146,7 @@ type initContainerParameters struct {
 	AdditionalEnvVariable *[]corev1.EnvVar
 	AdditionalVolume      []corev1.Volume
 	AdditionalMountPath   []corev1.VolumeMount
+	SecurityContext       *corev1.SecurityContext
 }
 
 // CreateOrUpdateStateFul method will create or update Redis service
@@ -436,6 +438,7 @@ func generateContainerDef(name string, containerParams containerParameters, clus
 			Name:            sidecar.Name,
 			Image:           sidecar.Image,
 			ImagePullPolicy: sidecar.ImagePullPolicy,
+			SecurityContext: sidecar.SecurityContext,
 		}
 		if sidecar.Command != nil {
 			container.Command = sidecar.Command
@@ -471,6 +474,7 @@ func generateInitContainerDef(name string, initcontainerParams initContainerPara
 			Command:         initcontainerParams.Command,
 			Args:            initcontainerParams.Arguments,
 			VolumeMounts:    getVolumeMount(name, initcontainerParams.PersistenceEnabled, false, false, nil, mountpath, nil, nil),
+			SecurityContext: initcontainerParams.SecurityContext,
 		},
 	}
 
@@ -538,6 +542,7 @@ func enableRedisMonitoring(params containerParameters) corev1.Container {
 				Protocol:      corev1.ProtocolTCP,
 			},
 		},
+		SecurityContext: params.RedisExporterSecurityContext,
 	}
 	if params.RedisExporterResources != nil {
 		exporterDefinition.Resources = *params.RedisExporterResources