Currently, when set-security-context is enabled, the securityContext for EventListener in the pod template only sets runAsNonRoot. Expanding podTemplate securityContext can make it easier to fulfill restricted pod security standards.
Proposed Enhancement
Extend securityContext to include seccompProfile, runAsUser, runAsGroup, and fsGroup in the pod template for EventListener.
Use case
Makes it possible to have a default securityContext set for injected sidecar containers that does not fulfill restricted pod security standards. An example of this is injected Istio containers.
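The effect of the request can be seen in the sketch below, an added example that is not part of the original issue or the project's code. It applies the Kubernetes rule that a container-level securityContext overrides the pod-level one and the pod-level value applies otherwise, and checks only the restricted-profile controls that have a pod-level field (runAsNonRoot, runAsUser, seccompProfile). The pod layout, container names and numeric IDs are constructed sample values.

```python
# Added example: evaluates the restricted Pod Security Standard controls that can
# be defaulted at pod level. Pod layout, names and IDs are constructed.
ALLOWED_SECCOMP = {"RuntimeDefault", "Localhost"}

def effective(pod_sc, ctr_sc, field):
    """Container-level securityContext wins; otherwise the pod-level value applies."""
    return ctr_sc[field] if field in ctr_sc else pod_sc.get(field)

def restricted_violations(pod_spec):
    """Return (container, problem) pairs for runAsNonRoot, runAsUser and seccompProfile."""
    pod_sc = pod_spec.get("securityContext", {})
    problems = []
    for ctr in pod_spec.get("containers", []):
        sc = ctr.get("securityContext", {})
        if effective(pod_sc, sc, "runAsNonRoot") is not True:
            problems.append((ctr["name"], "runAsNonRoot must be true"))
        if effective(pod_sc, sc, "runAsUser") == 0:
            problems.append((ctr["name"], "runAsUser must not be 0"))
        seccomp = effective(pod_sc, sc, "seccompProfile") or {}
        if seccomp.get("type") not in ALLOWED_SECCOMP:
            problems.append((ctr["name"], "seccompProfile.type must be RuntimeDefault or Localhost"))
    return problems

def pod(pod_security_context):
    """Constructed EventListener pod plus an injected sidecar with no securityContext."""
    return {
        "securityContext": pod_security_context,
        "containers": [
            # Assumption: the listener container sets its own container-level values.
            {"name": "event-listener",
             "securityContext": {"runAsNonRoot": True,
                                 "seccompProfile": {"type": "RuntimeDefault"}}},
            {"name": "injected-sidecar"},  # e.g. a proxy added by an admission webhook
        ],
    }

# Today: the pod template only sets runAsNonRoot.
CURRENT = pod({"runAsNonRoot": True})
# Proposed: the fields named in the request; 65532 is an assumed sample ID.
PROPOSED = pod({"runAsNonRoot": True, "runAsUser": 65532, "runAsGroup": 65532,
                "fsGroup": 65532, "seccompProfile": {"type": "RuntimeDefault"}})

if __name__ == "__main__":
    print("current :", restricted_violations(CURRENT))
    print("proposed:", restricted_violations(PROPOSED))
```

The restricted profile's allowPrivilegeEscalation and capabilities controls exist only at container level, so a pod-level default cannot satisfy them and they are left out of this check.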