feat: set runAsNonRoot and seccompProfile where missing (!4605) · Merge requests · GitLab.org / charts / GitLab Chart

What does this MR do?

Sets runAsNonRoot and seccompProfile where missing

runAsNonRoot and seccompProfile are not yet consistently added across the various GitLab services. The attached changes allow GitLab to run in a security constrained namespace with Pod Security Admission set to restricted pod-security.kubernetes.io/enforce: restricted).

Related issues

Author checklist

For general guidance, please follow our Contributing guide.

Required

For anything in this list which will not be completed, please provide a reason in the MR discussion.

Merge Request Title and Description are up to date, accurate, and descriptive.
MR targeting the appropriate branch.
MR has a green pipeline.
Documentation created/updated.
Tests added/updated, and test plan for scenarios not covered by automated tests.
Equivalent MR/issue for omnibus-gitlab opened.

Reviewers checklist

MR has a green pipeline on https://gitlab.com/gitlab-org/charts/gitlab.
Consider downstream impact to the Operator, as per evaluating impact from changes to GitLab chart.

Edited Nov 14, 2025 by Clemens Beck

feat: set runAsNonRoot and seccompProfile where missing

What does this MR do?

Related issues

Author checklist

Required

Reviewers checklist

Merge request reports