From b430a7fd5a0f5cd438b9a32e842dbfa4280f03e7 Mon Sep 17 00:00:00 2001
From: Pratik Degaon <prateekdegaon@icloud.com>
Date: Tue, 25 Nov 2025 15:47:44 +0530
Subject: [PATCH] Add ability to configure node container securityContext

---
 charts/aws-efs-csi-driver/templates/node-daemonset.yaml | 4 +++-
 charts/aws-efs-csi-driver/values.yaml                   | 3 +++
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/charts/aws-efs-csi-driver/templates/node-daemonset.yaml b/charts/aws-efs-csi-driver/templates/node-daemonset.yaml
index 5027aebf7..e51d03f50 100644
--- a/charts/aws-efs-csi-driver/templates/node-daemonset.yaml
+++ b/charts/aws-efs-csi-driver/templates/node-daemonset.yaml
@@ -70,8 +70,10 @@ spec:
       {{- end }}
       containers:
         - name: efs-plugin
+          {{- with .Values.node.containerSecurityContext }}
           securityContext:
-            privileged: true
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
           image: {{ printf "%s:%s" .Values.image.repository (default (printf "v%s" .Chart.AppVersion) (toString .Values.image.tag)) }}
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           args:
diff --git a/charts/aws-efs-csi-driver/values.yaml b/charts/aws-efs-csi-driver/values.yaml
index c3f6d8200..aae307ca8 100644
--- a/charts/aws-efs-csi-driver/values.yaml
+++ b/charts/aws-efs-csi-driver/values.yaml
@@ -219,6 +219,9 @@ node:
     runAsUser: 0
     runAsGroup: 0
     fsGroup: 0
+  # securityContext on the node container
+  containerSecurityContext:
+    privileged: true
   env: []
   volumes: []
   volumeMounts: []