opencadc / science-platform

Science Platform Infrastructure
GNU Affero General Public License v3.0

update skaha securityContexts #671

Closed rptaylor closed 2 months ago

rptaylor commented 2 months ago

This is required for the science platform to run on the upgraded Keel cluster, where PodSecurityPolicy is deprecated and Kyverno is used instead to enforce security policies.

On Keel, I confirm the science platform has always had allowPrivilegeEscalation: false and the RuntimeDefault seccomp profile, but it was applied in a hidden way by PSP, which is no longer possible. Now it must be set explicitly instead.

See https://github.com/opencadc/science-platform/pull/664 for related background info.

Please update and test on keel-dev ASAP.
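
An added example, not part of the original comment and not code from the science-platform repository: a checker that lists the containers in a pod spec that do not explicitly carry the two settings named above. It assumes the policy wants exactly `allowPrivilegeEscalation: false` and a `RuntimeDefault` seccomp profile; the pod spec, container names and images are constructed.

```python
# Added example: not code from the science-platform repository.
# Reports containers in a pod spec that do not explicitly set
# allowPrivilegeEscalation: false and a RuntimeDefault seccomp profile.

def seccomp_type(security_context):
    """Return the seccompProfile.type of a securityContext dict, or None."""
    return ((security_context or {}).get("seccompProfile") or {}).get("type")

def missing_settings(pod_spec):
    """Return a sorted list of (container_name, problem) for a pod spec dict."""
    problems = []
    # seccompProfile may be set once at pod level and is inherited by containers.
    pod_seccomp = seccomp_type(pod_spec.get("securityContext"))
    for kind in ("initContainers", "containers"):
        for c in pod_spec.get(kind) or []:
            sc = c.get("securityContext") or {}
            # allowPrivilegeEscalation exists only at container level, and an
            # absent field is not the same as an explicit false.
            if sc.get("allowPrivilegeEscalation") is not False:
                problems.append((c["name"], "allowPrivilegeEscalation not false"))
            # A container-level seccompProfile overrides the pod-level one.
            effective = seccomp_type(sc) or pod_seccomp
            if effective != "RuntimeDefault":
                problems.append((c["name"], "seccompProfile not RuntimeDefault"))
    return sorted(problems)

# Constructed sample pod spec (hypothetical names and images).
SAMPLE_POD_SPEC = {
    "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
    "initContainers": [
        {"name": "init-home", "image": "example/init:1"},
    ],
    "containers": [
        {"name": "session", "image": "example/session:1",
         "securityContext": {"allowPrivilegeEscalation": False}},
        {"name": "sidecar", "image": "example/sidecar:1",
         "securityContext": {"allowPrivilegeEscalation": False,
                             "seccompProfile": {"type": "Unconfined"}}},
    ],
}

if __name__ == "__main__":
    for name, problem in missing_settings(SAMPLE_POD_SPEC):
        print(f"{name}: {problem}")
```

The init container is flagged because it omits `allowPrivilegeEscalation` entirely, which is the case that a mutating PSP used to cover silently.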