diff --git a/elasticsearch/README.md b/elasticsearch/README.md index e89f8a87b..357a88ad0 100644 --- a/elasticsearch/README.md +++ b/elasticsearch/README.md @@ -99,7 +99,7 @@ helm install --name elasticsearch elastic/elasticsearch --set imageTag=7.3.0 | `updateStrategy` | The [updateStrategy](https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#updating-statefulsets) for the statefulset. By default Kubernetes will wait for the cluster to be green after upgrading each pod. Setting this to `OnDelete` will allow you to manually delete each pod during upgrades | `RollingUpdate` | | `maxUnavailable` | The [maxUnavailable](https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget) value for the pod disruption budget. By default this will prevent Kubernetes from having more than 1 unhealthy pod in the node group | `1` | | `fsGroup (DEPRECATED)` | The Group ID (GID) for [securityContext.fsGroup](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) so that the Elasticsearch user can read from the persistent volume | `` | -| `podSecurityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) for the pod | `fsGroup: 1000` | +| `podSecurityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod) for the pod | `fsGroup: 1000`
`runAsUser: 1000` | | `securityContext` | Allows you to set the [securityContext](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container) for the container | `capabilities.drop:[ALL]`
`runAsNonRoot: true`
`runAsUser: 1000` | | `terminationGracePeriod` | The [terminationGracePeriod](https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods) in seconds used when trying to stop the pod | `120` | | `sysctlInitContainer.enabled` | Allows you to disable the sysctlInitContainer if you are setting vm.max_map_count with another method | `true` | diff --git a/elasticsearch/tests/elasticsearch_test.py b/elasticsearch/tests/elasticsearch_test.py index a4949eef9..385f09e4f 100755 --- a/elasticsearch/tests/elasticsearch_test.py +++ b/elasticsearch/tests/elasticsearch_test.py @@ -142,7 +142,9 @@ def test_defaults(): # Other assert r['statefulset'][uname]['spec']['template']['spec']['securityContext'] == { - 'fsGroup': 1000} + 'fsGroup': 1000, + 'runAsUser': 1000 + } assert r['statefulset'][uname]['spec']['template']['spec']['terminationGracePeriodSeconds'] == 120 # Pod disruption budget @@ -743,6 +745,7 @@ def test_set_pod_security_context(): config = '' r = helm_template(config) assert r['statefulset'][uname]['spec']['template']['spec']['securityContext']['fsGroup'] == 1000 + assert r['statefulset'][uname]['spec']['template']['spec']['securityContext']['runAsUser'] == 1000 config = ''' podSecurityContext: diff --git a/elasticsearch/values.yaml b/elasticsearch/values.yaml index 78f208849..7a4a51927 100755 --- a/elasticsearch/values.yaml +++ b/elasticsearch/values.yaml @@ -144,6 +144,7 @@ maxUnavailable: 1 podSecurityContext: fsGroup: 1000 + runAsUser: 1000 # The following value is deprecated, # please use the above podSecurityContext.fsGroup instead
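Review bot: In the `podSecurityContext` row of elasticsearch/README.md, the new `runAsUser: 1000` default is listed without any note that a pod-level `runAsUser` applies to every container in the pod that does not set its own, init containers included. The same table documents `sysctlInitContainer.enabled`, whose container sets vm.max_map_count, so please confirm that the init container carries its own securityContext. The description should also say that container-level `securityContext` values override this pod-level default.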
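Review bot: In `test_set_pod_security_context` (elasticsearch/tests/elasticsearch_test.py), the added `runAsUser` assertion only covers the empty-config default, and the hunk shows no matching assertion for the `podSecurityContext:` override case that starts right after it. Suggest asserting on `['securityContext']['runAsUser']` after the override config as well, once with a user-supplied value and once with only `fsGroup` set, so the test pins down what a partial override renders to.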
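Review bot: In elasticsearch/values.yaml, the new `runAsUser: 1000` under `podSecurityContext` has no comment, and the README table in this same patch shows the container `securityContext` already defaulting to `runAsUser: 1000`, so the reason for repeating it at pod level is not evident from the change. Suggest a one-line comment above it saying which containers the pod-level value is meant to cover. Because Helm merges user-supplied maps into the chart defaults, a user who overrides only `fsGroup` will still get `runAsUser: 1000`; that is worth stating next to the value.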