cdk8s-team / cdk8s-plus

A software development framework that provides high level abstractions for authoring Kubernetes applications.
https://cdk8s.io/docs/latest/plus/
Apache License 2.0

Security context user/group is ignored when defined on pod level. #1104

Open maybedino opened 2 years ago

maybedino commented 2 years ago

In Kubernetes, security context can be set for a pod (will be used as the default for all containers) or for each container.

This commit 0b6f25b37d78a0138d0f6eeff0a3d79202362d16 added default values for container security context user and group. But it applies these default values even if they are already set for the pod. Because of that, the user and group set for the pod are always ignored.

I'm not sure if this was intended, but it seems strange that there is now a setting that does nothing, and it can lead to unexpected behavior. If you want to set default values for security reasons, maybe it would be better to just set them for the pod?
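
The precedence problem described in this report, as an added example that is not part of the original issue or of cdk8s-plus: it resolves the user and group a container actually runs as from a plain pod spec, and lists pod-level values that a container-level value overrides. `runAsUser` and `runAsGroup` are the Kubernetes field names; the helper names and all numeric IDs are constructed for illustration.

```typescript
// Added example: which UID/GID does each container really get, and which
// pod-level settings are silently overridden? All sample values are constructed.
interface IdSettings { runAsUser?: number; runAsGroup?: number }
interface PodSpec {
  securityContext?: IdSettings;
  containers: { name: string; securityContext?: IdSettings }[];
}
interface Finding { container: string; field: keyof IdSettings; podValue: number; effectiveValue: number }

const FIELDS: (keyof IdSettings)[] = ["runAsUser", "runAsGroup"];

// Kubernetes rule: a value set on the container wins over the pod-level value.
function effectiveIds(spec: PodSpec, containerName: string): IdSettings {
  const c = spec.containers.find((x) => x.name === containerName);
  if (c === undefined) throw new Error(`no container named ${containerName}`);
  const out: IdSettings = {};
  for (const f of FIELDS) {
    const v = c.securityContext?.[f] ?? spec.securityContext?.[f];
    if (v !== undefined) out[f] = v;
  }
  return out;
}

// Pod-level settings that have no effect on a container because the
// container carries a different value for the same field.
function shadowedPodSettings(spec: PodSpec): Finding[] {
  const findings: Finding[] = [];
  for (const c of spec.containers) {
    for (const f of FIELDS) {
      const podValue = spec.securityContext?.[f];
      const own = c.securityContext?.[f];
      if (podValue !== undefined && own !== undefined && own !== podValue) {
        findings.push({ container: c.name, field: f, podValue, effectiveValue: own });
      }
    }
  }
  return findings;
}

// Constructed specs: the author sets 1000/3000 on the pod only. In the first,
// a tool has injected container-level defaults (hypothetical 20001/20002).
const withInjectedDefaults: PodSpec = {
  securityContext: { runAsUser: 1000, runAsGroup: 3000 },
  containers: [{ name: "app", securityContext: { runAsUser: 20001, runAsGroup: 20002 } }],
};
const withoutInjectedDefaults: PodSpec = {
  securityContext: { runAsUser: 1000, runAsGroup: 3000 },
  containers: [{ name: "app" }],
};
```

Running `shadowedPodSettings` over synthesized manifests in CI surfaces the case where a pod-level user or group is set but never takes effect.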

vinayak-kukreja commented 1 year ago

Hey, @maybedino, the defaults were removed as part of this PR: https://github.com/cdk8s-team/cdk8s-plus/pull/1437. Let me know if you still are facing an issue.

We need to investigate on our end how to add these defaults in a better way. Meanwhile, hopefully this unblocks you.

github-actions[bot] commented 1 year ago

This issue has not received a response in a while and will be closed soon. If you want to keep it open, please leave a comment below @mentioning a maintainer.

maybedino commented 12 months ago

We have since moved to setting security contexts for every container. But I did a quick test and it looks like the issue is fixed!