This creates three security context constraints objects now, one for each Alloy instance. The code does template once and invokes that template three times (the logs template will enable hostpath permissions if it's using volume based log gathering)
It does not set the user id to non-root.
It does add a set of capabilities that was listed in another issue. At some point, I'll need to sync with the alloy team for the minimal set required here.
This creates three security context constraints objects now, one for each Alloy instance. The code does template once and invokes that template three times (the logs template will enable hostpath permissions if it's using volume based log gathering)
It does not set the user id to non-root.
It does add a set of capabilities that was listed in another issue. At some point, I'll need to sync with the alloy team for the minimal set required here.