In response to [this](https://github.com/knative/serving-operator/issues/385#issuecomment-610511353):
>We're going to track this in https://github.com/knative-sandbox/operator/issues/4 and address it comprehensively rather than on a per-repo basis.
>
>/close
Many companies have a security requirement in place that all containers must have a read-only file system and not allow privilege escalation. Please set this (or allow it to be set) on all containers. This would mean either adding it yourself or adding it to any CRDs that end up creating containers so the user can set it. Note this is at the container level, not the pod level. I have created a separate feature request for the pod security content.
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
See the pod security context example below for what is required to be set.
Related Feature Request: https://github.com/knative/eventing/issues/2882
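
An added example, not part of the original issue and not Knative code: a check that walks every container and init container of a manifest and reports any that lacks the two container-level settings requested above. The function names `pod_spec` and `audit` and the sample manifest are assumptions made for illustration; the check also covers Pods and CronJobs in addition to workloads with `spec.template`.

```python
# Container-level fields requested in the issue; neither one exists in the
# pod-level securityContext, so every container has to carry them itself.
REQUIRED = {"readOnlyRootFilesystem": True, "allowPrivilegeEscalation": False}

def pod_spec(obj):
    """Return the PodSpec of a Pod, a CronJob, or any workload with spec.template."""
    spec = obj.get("spec", {})
    if obj.get("kind") == "Pod":
        return spec
    if obj.get("kind") == "CronJob":
        spec = spec.get("jobTemplate", {}).get("spec", {})
    return spec.get("template", {}).get("spec", {})

def audit(obj):
    """Return (container, field, found) for each required value that is absent or wrong."""
    findings = []
    spec = pod_spec(obj)
    for group in ("initContainers", "containers"):
        for c in spec.get(group, []):
            sc = c.get("securityContext") or {}
            for field, want in REQUIRED.items():
                if sc.get(field) is not want:
                    findings.append((c["name"], field, sc.get(field)))
    return findings

# Constructed sample (not a Knative manifest). The pod-level securityContext is
# set, yet it does not cover the two fields checked above.
SAMPLE = {
    "kind": "Deployment",
    "spec": {"template": {"spec": {
        "securityContext": {"runAsNonRoot": True},
        "initContainers": [{"name": "init"}],
        "containers": [
            {"name": "controller", "securityContext": {
                "readOnlyRootFilesystem": True, "allowPrivilegeEscalation": False}},
            {"name": "webhook", "securityContext": {
                "allowPrivilegeEscalation": False}},
        ],
    }}},
}

if __name__ == "__main__":
    for name, field, found in audit(SAMPLE):
        print(f"{name}: {field} is {found!r}, want {REQUIRED[field]!r}")
```

A field left unset is reported as `None`, which matters here because an omitted `allowPrivilegeEscalation` does not default to `false`.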