hardcoded pod security context in redis statefulset template

[crispysipper]

Hello,

At our organization we use custom Redis images and we noticed problems when bootstrapping harbor with the helm chart. Specifically it appears there is a permissions issue in the Redis pod, unable to write to the /data directory, which understandably causes the registry service to fail as well.

redis pod:

12:C 17 Oct 2025 18:43:27.046 # Failed opening the temp RDB file temp-12.rdb (in server root dir /data) for saving: Permission denied
1:M 17 Oct 2025 18:43:27.146 # Background saving error

registry logs:

time="2025-10-17T18:54:30.492222376Z" level=info msg="redis not configured" go.version=go1.25.1 instance.id=dd98d868-0af6-4343-9db0-b78d12e9bf39 service=registry version=3.0.0
panic: redis configuration required to use for layerinfo cache

goroutine 1 [running]:
github.com/distribution/distribution/v3/registry/handlers.NewApp({0x235b680, 0xc000028e10}, 0xc000051908)
	github.com/distribution/distribution/v3/registry/handlers/app.go:288 +0x1ed0
github.com/distribution/distribution/v3/registry.NewRegistry({0x235b680?, 0xc000028270?}, 0xc000051908)
	github.com/distribution/distribution/v3/registry/registry.go:150 +0x56
github.com/distribution/distribution/v3/registry.init.func1(0x3525940, {0xc0006967e0, 0x1, 0x1})
	github.com/distribution/distribution/v3/registry/registry.go:119 +0x106
github.com/spf13/cobra.(*Command).execute(0x3525940, {0xc0006967a0, 0x1, 0x1})
	github.com/spf13/cobra@v1.8.0/command.go:987 +0xb1b
github.com/spf13/cobra.(*Command).ExecuteC(0x3525c20)
	github.com/spf13/cobra@v1.8.0/command.go:1115 +0x44f
github.com/spf13/cobra.(*Command).Execute(0xc000002380?)
	github.com/spf13/cobra@v1.8.0/command.go:1039 +0x13
main.main()
	github.com/distribution/distribution/v3/cmd/registry/main.go:26 +0x1a

The culprit is a hardcoded pod security context here:

https://github.com/goharbor/harbor-helm/blob/main/templates/redis/statefulset.yaml#L33

    spec:
      securityContext:
        runAsUser: 999
        fsGroup: 999

Is there a reason this is hardcoded?

thanks in advance

[MinerYang]

Cause it is to make sure you are consuming our built and shipped redis image as internal redis server.
If you wish to customize the redis service, you would better config external redis.
https://github.com/goharbor/harbor/blob/4d3c0232b5d2ec7696e5486be3bbd4507b66f1ed/make/photon/redis/Dockerfile.base#L5