knative / serving

Kubernetes-based, scale-to-zero, request-driven compute
https://knative.dev/docs/serving/
Apache License 2.0

Allow configuration of securityContext.Privileged explicitly to default value #15628

Open hernan-abi opened 3 days ago

hernan-abi commented 3 days ago

Describe the feature

Context:

Currently our services using knative serving have the privileged field of their securityContext set to nil by default, because this field is not allowed to be configured by the user. See: https://github.com/knative/serving/blob/3e45e8f8392bc3baf2baffa153f9787916cbf451/pkg/apis/serving/fieldmask.go#L716. Setting this field to any value results in validation errors similar to the following:

(error: services.serving.knative.dev "xxxxxx" could not be patched: admission webhook "validation.webhook.serving.knative.dev" denied the request: validation failed: must not set the field(s): ...privileged)

The request:

Instead of a default nil, my team and I would like the ability to explicitly set this to false. It results in the same behavior; however, the explicit false is more compliant with our security team and likely with other teams as well.

There was a GH discussion regarding the configuration of this field however it was ultimately decided against. See (https://github.com/knative/serving/issues/4130). The difference in my request is that I'm not requesting actual configuration but rather the ability to explicitly set the default value e.g. false. The same was done previously for the automountServiceAccountToken field. After the merge the value is not actually configurable, but rather is allowed to be set only to false by the user. See: https://github.com/knative/serving/pull/11723#discussion_r676717438
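The request above hinges on how the validation webhook decides which securityContext fields a user may set: the allowed fields are copied into a masked copy of the spec, and anything that differs between the original and the masked copy is reported as "must not set the field(s)". The following is an added example, not Knative's own fieldmask code, that models that allow-list check with a trimmed-down stand-in for corev1.SecurityContext and a hypothetical switch that lets privileged survive the mask only when it is explicitly false, the same pattern the automountServiceAccountToken change used. The set of fields treated as allowed (RunAsUser, RunAsNonRoot, ReadOnlyRootFilesystem, AllowPrivilegeEscalation) is an assumption for illustration, and the function names are invented here.

```go
package main

import (
	"fmt"
	"reflect"
	"strings"
)

// SecurityContext is a hypothetical, trimmed-down stand-in for
// corev1.SecurityContext, carrying only the fields this example masks.
type SecurityContext struct {
	RunAsUser                *int64
	RunAsNonRoot             *bool
	ReadOnlyRootFilesystem   *bool
	AllowPrivilegeEscalation *bool
	Privileged               *bool
}

// boolPtr lets the sample specs below read naturally.
func boolPtr(b bool) *bool { return &b }

// maskSecurityContext returns a copy of in containing only the fields a
// user is allowed to set; any field not copied is implicitly disallowed.
// allowExplicitFalsePrivileged models the requested behaviour: Privileged
// survives the mask only when it is explicitly false, so a user can state
// the default but can never request a privileged container.
func maskSecurityContext(in *SecurityContext, allowExplicitFalsePrivileged bool) *SecurityContext {
	if in == nil {
		return nil
	}
	out := &SecurityContext{
		// Assumed allow-list, not the project's real one.
		RunAsUser:                in.RunAsUser,
		RunAsNonRoot:             in.RunAsNonRoot,
		ReadOnlyRootFilesystem:   in.ReadOnlyRootFilesystem,
		AllowPrivilegeEscalation: in.AllowPrivilegeEscalation,
	}
	if allowExplicitFalsePrivileged && in.Privileged != nil && !*in.Privileged {
		out.Privileged = in.Privileged
	}
	return out
}

// disallowedFields names every field that differs between the original and
// the masked copy, i.e. the fields the user set but is not permitted to set.
func disallowedFields(in *SecurityContext, allowExplicitFalsePrivileged bool) []string {
	if in == nil {
		return nil
	}
	masked := maskSecurityContext(in, allowExplicitFalsePrivileged)
	var bad []string
	inV, mV := reflect.ValueOf(*in), reflect.ValueOf(*masked)
	for i := 0; i < inV.NumField(); i++ {
		// reflect.DeepEqual follows pointers, so nil vs &false is a difference.
		if !reflect.DeepEqual(inV.Field(i).Interface(), mV.Field(i).Interface()) {
			bad = append(bad, inV.Type().Field(i).Name)
		}
	}
	return bad
}

// Validate mimics the webhook's verdict: nil when every set field is
// permitted, otherwise an error naming the offending fields.
func Validate(in *SecurityContext, allowExplicitFalsePrivileged bool) error {
	if bad := disallowedFields(in, allowExplicitFalsePrivileged); len(bad) > 0 {
		return fmt.Errorf("must not set the field(s): %s", strings.Join(bad, ", "))
	}
	return nil
}

func main() {
	// Constructed sample: a spec that states privileged: false explicitly.
	sc := &SecurityContext{RunAsNonRoot: boolPtr(true), Privileged: boolPtr(false)}
	fmt.Println("current mask   :", Validate(sc, false))
	fmt.Println("requested mask :", Validate(sc, true))
	// A request for a privileged container is rejected under either mask.
	fmt.Println("privileged:true:", Validate(&SecurityContext{Privileged: boolPtr(true)}, true))
}
```

The point of the second branch in maskSecurityContext is that it widens what a user may write without widening what a container may do: the only value that passes is the one the platform already defaults to, so a manifest can carry `privileged: false` for auditors while `privileged: true` still fails validation exactly as it does today.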

skonto commented 2 days ago

Hi @hernan-abi,

> is more compliant with our security team and likely with other teams as well.

Would you be interested in listing your company in the adopters list here if you already use Knative? Would you be interested in doing the PR?

cc @dprotaso any objection on the issue?