bitnami · dakr0013 · Jun 5, 2026
@@ -5,22 +5,24 @@ Sealed Secrets are "one-way" encrypted K8s Secrets that can be created by anyone
 <!-- START doctoc generated TOC please keep comment here to allow auto update -->
 <!-- DON'T EDIT THIS SECTION, INSTEAD RE-RUN doctoc TO UPDATE -->
 
-- [TL;DR](#tldr)
-- [Introduction](#introduction)
-- [Prerequisites](#prerequisites)
-- [Installing the Chart](#installing-the-chart)
-- [Uninstalling the Chart](#uninstalling-the-chart)
-- [Parameters](#parameters)
-  - [Common parameters](#common-parameters)
-  - [Sealed Secrets Parameters](#sealed-secrets-parameters)
-  - [Traffic Exposure Parameters](#traffic-exposure-parameters)
-  - [Other Parameters](#other-parameters)
-  - [Metrics parameters](#metrics-parameters)
-- [Using kubeseal](#using-kubeseal)
-- [Configuration and installation details](#configuration-and-installation-details)
-- [Troubleshooting](#troubleshooting)
-- [Upgrading](#upgrading)
-  - [To 2.0.0](#to-200)
+- [Sealed Secrets](#sealed-secrets)
+  - [TL;DR](#tldr)
+  - [Introduction](#introduction)
+  - [Prerequisites](#prerequisites)
+  - [Installing the Chart](#installing-the-chart)
+  - [Uninstalling the Chart](#uninstalling-the-chart)
+  - [Parameters](#parameters)
+    - [Common parameters](#common-parameters)
+    - [Sealed Secrets Parameters](#sealed-secrets-parameters)
+    - [Traffic Exposure Parameters](#traffic-exposure-parameters)
+    - [Other Parameters](#other-parameters)
+    - [Metrics parameters](#metrics-parameters)
+    - [PodDisruptionBudget Parameters](#poddisruptionbudget-parameters)
+  - [Using kubeseal](#using-kubeseal)
+  - [Configuration and installation details](#configuration-and-installation-details)
+  - [Troubleshooting](#troubleshooting)
+  - [Upgrading](#upgrading)
+    - [To 2.0.0](#to-200)
 
 <!-- END doctoc generated TOC please keep comment here to allow auto-update -->
 
@@ -136,10 +138,12 @@ The command removes all the Kubernetes components associated with the chart and
 | `resources.requests`                              | The requested resources for the Sealed Secret containers                                                           | `{}`                                |
 | `podSecurityContext.enabled`                      | Enabled Sealed Secret pods' Security Context                                                                       | `true`                              |
 | `podSecurityContext.fsGroup`                      | Set Sealed Secret pod's Security Context fsGroup                                                                   | `65534`                             |
+| `podSecurityContext.seccompProfile.type`          | Set Sealed Secret pod's Security Context seccomp profile type                                                      | `RuntimeDefault`                    |
 | `containerSecurityContext.enabled`                | Enabled Sealed Secret containers' Security Context                                                                 | `true`                              |
 | `containerSecurityContext.readOnlyRootFilesystem` | Whether the Sealed Secret container has a read-only root filesystem                                                | `true`                              |
 | `containerSecurityContext.runAsNonRoot`           | Indicates that the Sealed Secret container must run as a non-root user                                             | `true`                              |
 | `containerSecurityContext.runAsUser`              | Set Sealed Secret containers' Security Context runAsUser                                                           | `1001`                              |
+| `containerSecurityContext.allowPrivilegeEscalation` | Set Sealed Secret containers' privilege escalation                                                               | `false`                             |
 | `containerSecurityContext.capabilities`           | Adds and removes POSIX capabilities from running containers (see `values.yaml`)                                    |                                     |
 | `podLabels`                                       | Extra labels for Sealed Secret pods                                                                                | `{}`                                |
 | `podAnnotations`                                  | Annotations for Sealed Secret pods                                                                                 | `{}`                                |

@@ -195,16 +195,20 @@ resources:
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
 ## @param podSecurityContext.enabled Enabled Sealed Secret pods' Security Context
 ## @param podSecurityContext.fsGroup Set Sealed Secret pod's Security Context fsGroup
+## @param podSecurityContext.seccompProfile.type Set Sealed Secret pod's Security Context seccomp profile type
 ##
 podSecurityContext:
   enabled: true
   fsGroup: 65534
+  seccompProfile:
+    type: RuntimeDefault
 ## Configure Container Security Context
 ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
 ## @param containerSecurityContext.enabled Enabled Sealed Secret containers' Security Context
 ## @param containerSecurityContext.readOnlyRootFilesystem Whether the Sealed Secret container has a read-only root filesystem
 ## @param containerSecurityContext.runAsNonRoot Indicates that the Sealed Secret container must run as a non-root user
 ## @param containerSecurityContext.runAsUser Set Sealed Secret containers' Security Context runAsUser
+## @param containerSecurityContext.allowPrivilegeEscalation Set Sealed Secret containers' privilege escalation
 ## @extra containerSecurityContext.capabilities Adds and removes POSIX capabilities from running containers (see `values.yaml`)
 ## @skip  containerSecurityContext.capabilities.drop
 ##
@@ -213,6 +217,7 @@ containerSecurityContext:
   readOnlyRootFilesystem: true
   runAsNonRoot: true
   runAsUser: 1001
+  allowPrivilegeEscalation: false
   capabilities:
     drop:
       - ALL