From a59b763d5649664c11844a0102d0cadb1f30c36b Mon Sep 17 00:00:00 2001
From: bkellam
Date: Wed, 5 Nov 2025 17:32:55 -0800
Subject: [PATCH 1/2] add default pod security context
---
 charts/sourcebot/values.yaml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/charts/sourcebot/values.yaml b/charts/sourcebot/values.yaml
index a04eb80..031e8cb 100644
--- a/charts/sourcebot/values.yaml
+++ b/charts/sourcebot/values.yaml
@@ -93,11 +93,11 @@ sourcebot:
 automount: false
 # -- Set the pod-level security context
- podSecurityContext: {}
- # runAsUser: 1000
- # runAsGroup: 1000
- # runAsNonRoot: true
- # fsGroup: 1000
+ podSecurityContext:
+ runAsUser: 1500
+ runAsGroup: 1500
+ fsGroup: 1500
+ runAsNonRoot: true
 # -- Set the container-level security context
 containerSecurityContext: {}
From 3a44bbf41bd48e47c991bb7476da530df6f62281 Mon Sep 17 00:00:00 2001
From: bkellam
Date: Fri, 7 Nov 2025 10:51:22 -0800
Subject: [PATCH 2/2] update helm docs
---
 charts/sourcebot/README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/charts/sourcebot/README.md b/charts/sourcebot/README.md
index c0142e0..b1dbda0 100644
--- a/charts/sourcebot/README.md
+++ b/charts/sourcebot/README.md
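Review bot: In charts/sourcebot/values.yaml the pod now defaults to UID/GID 1500 with `runAsNonRoot: true`, but `containerSecurityContext` at the end of the hunk is still `{}`, so a default install gets no `allowPrivilegeEscalation: false`, no dropped capabilities and no seccomp profile. If the image tolerates it (not verifiable from this hunk), I would add `seccompProfile: {type: RuntimeDefault}` under `podSecurityContext` and default the container context to `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL]}`. The `# --` comment should also say that 1500 has to match the user the image is built to run as, and that `fsGroup` makes the kubelet change group ownership of mounted volumes, which existing installs will hit on upgrade. The `sourcebot:` mapping starts before this hunk and continues after it.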
@@ -90,7 +90,7 @@ Sourcebot is a self-hosted tool that helps you understand your codebase.
 | sourcebot.podDisruptionBudget.enabled | bool | `true` | Enable Pod Disruption Budget |
 | sourcebot.podDisruptionBudget.maxUnavailable | int | `1` | Maximum number of pods that can be unavailable |
 | sourcebot.podDisruptionBudget.minAvailable | int | `1` | Minimum number of pods that must be available |
-| sourcebot.podSecurityContext | object | `{}` | Set the pod-level security context |
+| sourcebot.podSecurityContext | object | `{"fsGroup":1500,"runAsGroup":1500,"runAsNonRoot":true,"runAsUser":1500}` | Set the pod-level security context |
 | sourcebot.priorityClassName | string | `""` | Set the priority class name for pods See: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ |
 | sourcebot.readinessProbe.failureThreshold | int | `5` | Number of consecutive failures before marking the container as not ready |
 | sourcebot.readinessProbe.httpGet | object | `{"path":"/api/health","port":"http"}` | Http GET request to check if the container is ready |