From 27bf1c0857377c5c59132e8c344d52e728c181ef Mon Sep 17 00:00:00 2001
From: Felix Kunde <felix.kunde@zalando.de>
Date: Fri, 5 Jun 2020 17:45:35 +0200
Subject: [PATCH] trigger rolling update when securityContext of PodTemplate
 changes

---
 pkg/cluster/cluster.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/pkg/cluster/cluster.go b/pkg/cluster/cluster.go
index 9538b4ab1..275a51042 100644
--- a/pkg/cluster/cluster.go
+++ b/pkg/cluster/cluster.go
@@ -455,6 +455,12 @@ func (c *Cluster) compareStatefulSetWith(statefulSet *appsv1.StatefulSet) *compa
 		needsRollUpdate = true
 		reasons = append(reasons, "new statefulset's pod template metadata annotations doesn't match the current one")
 	}
+	if !reflect.DeepEqual(c.Statefulset.Spec.Template.Spec.SecurityContext, statefulSet.Spec.Template.Spec.SecurityContext) {
+		match = false
+		needsReplace = true
+		needsRollUpdate = true
+		reasons = append(reasons, "new statefulset's pod template security context in spec doesn't match the current one")
+	}
 	if len(c.Statefulset.Spec.VolumeClaimTemplates) != len(statefulSet.Spec.VolumeClaimTemplates) {
 		needsReplace = true
 		reasons = append(reasons, "new statefulset's volumeClaimTemplates contains different number of volumes to the old one")