# Configuring Security Context for the connectware-agent Helm Chart

## Configuring Security Context

Connectware agents installed using the `connectware-agent` Helm chart allow changing the security context of executed containers by defining the `securityContext` and `podSecurityContext` sections inside the agents entry in the `protocolMapperAgents` context of your `values.yaml` file.

It is important to note, that the security context required by the agent is dependent on installed services, so any modifications made should be verified to work with your use case.

**Example**

{% code lineNumbers="true" %}

```yaml
protocolMapperAgents:
  - name: bender-robots
    connectwareHost: connectware.cybus # adjust to actual hostname of Connectware
    podSecurityContext:
      runAsUser: 1000
      runAsGroup: 1000
```

{% endcode %}

The difference between `securityContext` and `podSecurityContext` is, that `securityContext` puts restrictions on the container, while `podSecurityContext` puts restrictions on the pod. While this may seem pointless with the agents single container inside its pod, it does play a role when, for example, attaching an ephemeral container to the pod.

## Unsetting Security Context

If you set a securityContext or podSecurityContext in the protocolMapperAgentDefaults section of your `values.yaml` file, you can unset them for individual agents by setting the value of `securityContext` or `podSecurityContext` to `{}` inside the agents entry in the `protocolMapperAgents` context of your `values.yaml`.

**Example**

{% code lineNumbers="true" %}

```yaml
protocolMapperAgentDefaults:
  connectwareHost: connectware.cybus # adjust to actual hostname of Connectware
  podSecurityContext:
    runAsUser: 1000
    runAsGroup: 1000
protocolMapperAgents:
  - name: bender-robots # this agent will run as user & group 1000
  - name: welder-robots # this agent will not run as user & group 1000
    podSecurityContext: {}
```

{% endcode %}