rabbitmq · MirahImage · Oct 8, 2025 · Oct 8, 2025 · Oct 8, 2025
diff --git a/docs/examples/default-security-context/rabbitmq.yaml b/docs/examples/default-security-context/rabbitmq.yaml
@@ -9,7 +9,9 @@ spec:
         template:
           spec:
             securityContext: {}
-            containers: []
+            containers:
+            - name: rabbitmq
+              securityContext: {}
             initContainers:
             - name: setup-container
               securityContext: {}
diff --git a/internal/resource/statefulset.go b/internal/resource/statefulset.go
@@ -296,7 +296,7 @@ func patchPodSpec(podSpec, podSpecOverride *corev1.PodSpec) (corev1.PodSpec, err
 		patchedPodSpec.Containers[0].ReadinessProbe = rmqContainer.ReadinessProbe
 	}
 
-	// A user may wish to override the controller-set securityContext for the RabbitMQ & init containers so that the
+	// A user may wish to override the controller-set securityContext for the RabbitMQ, init containers, and containers so that the
 	// container runtime can override them. If the securityContext has been set to an empty struct, `strategicpatch.StrategicMergePatch`
 	// won't pick this up, so manually override it here.
 	if podSpecOverride.SecurityContext != nil && reflect.DeepEqual(*podSpecOverride.SecurityContext, corev1.PodSecurityContext{}) {
@@ -307,6 +307,11 @@ func patchPodSpec(podSpec, podSpecOverride *corev1.PodSpec) (corev1.PodSpec, err
 			patchedPodSpec.InitContainers[i].SecurityContext = nil
 		}
 	}
+	for i := range podSpecOverride.Containers {
+		if podSpecOverride.Containers[i].SecurityContext != nil && reflect.DeepEqual(*podSpecOverride.Containers[i].SecurityContext, corev1.SecurityContext{}) {
+			patchedPodSpec.Containers[i].SecurityContext = nil
+		}
+	}
 
 	return patchedPodSpec, nil
 }

diff --git a/internal/resource/statefulset_test.go b/internal/resource/statefulset_test.go
@@ -2154,6 +2154,12 @@ default_pass = {{ .Data.data.password }}
 											SecurityContext: &corev1.SecurityContext{},
 										},
 									},
+									Containers: []corev1.Container{
+										{
+											Name:            "rabbitmq",
+											SecurityContext: &corev1.SecurityContext{},
+										},
+									},
 								},
 							},
 						},
@@ -2168,6 +2174,7 @@ default_pass = {{ .Data.data.password }}
 
 					Expect(statefulSet.Spec.Template.Spec.SecurityContext).To(BeNil())
 					Expect(statefulSet.Spec.Template.Spec.InitContainers[0].SecurityContext).To(BeNil())
+					Expect(statefulSet.Spec.Template.Spec.Containers[0].SecurityContext).To(BeNil())
 
 				})