tektoncd / triggers

Event triggering with Tekton!
Apache License 2.0

Expand podTemplate securityContext in EventListener with seccompProfile, runAsUser, runAsGroup and fsGroup #1739

Open kristofferchr opened 1 week ago

kristofferchr commented 1 week ago

Feature request

Currently, when set-security-context is enabled, the securityContext for EventListener in the pod template only sets runAsNonRoot. Expanding podTemplate securityContext can make it easier to fulfill restricted pod security standards.

Proposed Enhancement

Extend securityContext to include seccompProfile, runAsUser, runAsGroup, and fsGroup in the pod template for EventListener.

Use case

Makes it possible to have a default securityContext set for injected sidecar containers that do not fulfill restricted pod security standards. An example of this is injected Istio containers.
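An added example, not part of the issue or of Tekton Triggers' code: a small checker that shows how pod-level securityContext values act as defaults for a sidecar that sets none of its own. It covers only the restricted-profile fields a container can inherit from pod level (runAsNonRoot, runAsUser, seccompProfile); allowPrivilegeEscalation and capabilities are container-level only and are not checked. The container names, UID/GID 65532 and both pod specs are constructed for illustration.

```python
# Fields a container falls back to from the pod-level securityContext when unset.
INHERITED = ("runAsNonRoot", "runAsUser", "runAsGroup", "seccompProfile")


def effective_context(pod_spec, container):
    """Container-level value wins; otherwise the pod-level value applies."""
    pod_sc = pod_spec.get("securityContext") or {}
    ctr_sc = container.get("securityContext") or {}
    return {k: ctr_sc.get(k, pod_sc.get(k)) for k in INHERITED}


def violations(pod_spec):
    """Map container name -> unmet restricted-profile checks (inheritable fields only)."""
    found = {}
    for ctr in pod_spec.get("containers", []):
        eff = effective_context(pod_spec, ctr)
        problems = []
        if eff["runAsNonRoot"] is not True:
            problems.append("runAsNonRoot must be true")
        if eff["runAsUser"] == 0:
            problems.append("runAsUser must not be 0")
        if (eff["seccompProfile"] or {}).get("type") not in ("RuntimeDefault", "Localhost"):
            problems.append("seccompProfile.type must be RuntimeDefault or Localhost")
        if problems:
            found[ctr["name"]] = problems
    return found


# Constructed sample: the sidecar is injected without any securityContext of its own.
CONTAINERS = [
    {"name": "event-listener",
     "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}}},
    {"name": "istio-proxy"},
]

# Pod template as described in the issue: only runAsNonRoot at pod level.
BEFORE = {"securityContext": {"runAsNonRoot": True}, "containers": CONTAINERS}

# Pod template with the fields the issue proposes adding (constructed values).
AFTER = {
    "securityContext": {
        "runAsNonRoot": True, "runAsUser": 65532, "runAsGroup": 65532,
        "fsGroup": 65532, "seccompProfile": {"type": "RuntimeDefault"},
    },
    "containers": CONTAINERS,
}

if __name__ == "__main__":
    print("before:", violations(BEFORE))
    print("after: ", violations(AFTER))
```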

kristofferchr commented 1 week ago

/assign