drogue-iot / drogue-cloud

Cloud Native IoT
https://drogue.io
Apache License 2.0
113 stars 30 forks

take a look at new pod security warnings #335

Closed ctron closed 1 year ago

ctron commented 1 year ago

When deploying, with OpenShift 4.11, I get the following warning:

W1013 15:29:22.613598  136837 warnings.go:70] would violate PodSecurity "restricted:v1.24": allowPrivilegeEscalation != false (container "service" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "service" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "service" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "service" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")

I think we need to add the following to all pods:

spec:
  securityContext:
    runAsNonRoot: true
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: some-container
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop:
            - ALL

I think we should:
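As an added example (not drogue-cloud code and not part of the issue thread), the following Python checks a pod spec for the four "restricted:v1.24" controls named in the warning above, reports each missing setting with wording close to the admission controller's, and applies the pod-level and container-level securityContext settings proposed in the issue. It covers only those four controls (the restricted profile also checks other fields, such as added capabilities and host namespaces), honours the pod-level to container-level inheritance for runAsNonRoot and seccompProfile, and includes initContainers. The sample pod spec is constructed for the demo; the image name is a placeholder.

```python
"""Check a pod spec against the four restricted-profile controls from the
OpenShift 4.11 Pod Security warning and apply the fix proposed in the issue.

Added example, not drogue-cloud code. SAMPLE_POD_SPEC is constructed.
"""
import copy

# Constructed sample: a pod template with no security context set, roughly
# what produces the quoted "would violate PodSecurity" warning.
SAMPLE_POD_SPEC = {
    "securityContext": {},
    "containers": [
        {"name": "service", "image": "example.invalid/service:placeholder"},
    ],
}


def _all_containers(pod_spec):
    # The admission controller evaluates initContainers as well.
    return list(pod_spec.get("containers", [])) + list(pod_spec.get("initContainers", []))


def restricted_violations(pod_spec):
    """Return one message per violated control, mirroring the warning text.

    runAsNonRoot and seccompProfile may be set at pod level and inherited;
    a container-level value overrides the pod-level one.
    """
    pod_sc = pod_spec.get("securityContext") or {}
    violations = []
    for c in _all_containers(pod_spec):
        sc = c.get("securityContext") or {}
        name = c.get("name", "<unnamed>")
        # Container-level only: must be explicitly false.
        if sc.get("allowPrivilegeEscalation") is not False:
            violations.append(f'allowPrivilegeEscalation != false (container "{name}")')
        # Container-level only: capabilities.drop must include "ALL".
        drop = (sc.get("capabilities") or {}).get("drop") or []
        if "ALL" not in drop:
            violations.append(f'unrestricted capabilities (container "{name}")')
        # Pod or container level: must be true.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            violations.append(f'runAsNonRoot != true (pod or container "{name}")')
        # Pod or container level: type must be RuntimeDefault or Localhost.
        seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
            violations.append(f'seccompProfile (pod or container "{name}")')
    return violations


def harden(pod_spec):
    """Return a deep copy with the issue's proposed settings applied to the
    pod and to every container (existing settings are overwritten)."""
    spec = copy.deepcopy(pod_spec)
    pod_sc = spec.setdefault("securityContext", {})
    pod_sc["runAsNonRoot"] = True
    pod_sc["seccompProfile"] = {"type": "RuntimeDefault"}
    for c in _all_containers(spec):
        sc = c.setdefault("securityContext", {})
        sc["allowPrivilegeEscalation"] = False
        sc.setdefault("capabilities", {})["drop"] = ["ALL"]
    return spec


if __name__ == "__main__":
    for v in restricted_violations(SAMPLE_POD_SPEC):
        print("would violate restricted:v1.24:", v)
    print("after harden:", restricted_violations(harden(SAMPLE_POD_SPEC)) or "no violations")
```

Running the module prints the four violations for the bare sample and "no violations" after `harden` is applied; the same checker can be pointed at a pod template parsed from a deployment manifest before it is submitted to a cluster that enforces the restricted profile.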