From dde68cfb3429f39c538178693bd1c26d8d956109 Mon Sep 17 00:00:00 2001
From: Benjamin Desrousseaux <benjamin.desrousseaux@gmx.fr>
Date: Sun, 14 Sep 2025 12:33:26 +0200
Subject: [PATCH] Fix security context comparison logic in StatefulSet

---
 pkg/cluster/cluster.go | 12 +++++++++---
 1 file changed, 9 insertions(+), 3 deletions(-)

diff --git a/pkg/cluster/cluster.go b/pkg/cluster/cluster.go
index e9a691faa..4b3c0247e 100644
--- a/pkg/cluster/cluster.go
+++ b/pkg/cluster/cluster.go
@@ -530,9 +530,15 @@ func (c *Cluster) compareStatefulSetWith(statefulSet *appsv1.StatefulSet) *compa
 		reasons = append(reasons, "new statefulset's pod template metadata annotations does not match "+reason)
 	}
 	if !reflect.DeepEqual(c.Statefulset.Spec.Template.Spec.SecurityContext, statefulSet.Spec.Template.Spec.SecurityContext) {
-		needsReplace = true
-		needsRollUpdate = true
-		reasons = append(reasons, "new statefulset's pod template security context in spec does not match the current one")
+		//needsReplace = true
+		//needsRollUpdate = true
+		//reasons = append(reasons, "new statefulset's pod template security context in spec does not match the current one")
+		if reflect.ValueOf(statefulSet.Spec.Template.Spec.SecurityContext.SeccompProfile).IsNil() {
+			} else {
+				needsReplace = true
+				needsRollUpdate = true
+				reasons = append(reasons, "new statefulset's pod template security context in spec does not match the current one")
+			}
 	}
 	if len(c.Statefulset.Spec.VolumeClaimTemplates) != len(statefulSet.Spec.VolumeClaimTemplates) {
 		needsReplace = true