Open JJGadgets opened 9 months ago
As noted in Discord: more consideration and discussion would be needed, for factors such as how global should this be scoped (e.g. all containers in all controllers, all containers in a given controller, etc).
A possible solution could be what I recommended in https://github.com/bjw-s/helm-charts/issues/254#issuecomment-2057012021 ?
I think it should apply to all containers in all controllers, since that is the behavior of defaultPodOptions
Details
Describe the solution you'd like:
Since there is a
defaultPodOptions.securityContext
in app-template v2.0, it would be nice to have adefaultContainerSecurityContext
or similar so that a standardized securityContext can be applied to all containers in a HelmRelease using app-template.This would be helpful for e.g. meeting
restricted
pod-security policy.