weaveworks / weave-gitops-enterprise

This repo provides the enterprise level features for the weave-gitops product, including CAPI cluster creation and team workspaces.
https://docs.gitops.weave.works/
Apache License 2.0

WGE wkpv3/mccp helm chart installation produces warnings regarding PodSecurity. #658

Open saeedfazal opened 2 years ago

saeedfazal commented 2 years ago
helm install my-mccp wkpv3/mccp --version 0.0.20-115-g9340789 --namespace flux-system --set nats.client.service.nodePort=31490 --set agentTemplate.natsURL=10.1.0.106:31490 --set service.ports.https=8000 --set service.targetPorts.https=8000 --set config.git.type=github --set config.git.hostname=github.com --set config.capi.repositoryURL=https://github.com/***/gitops-capi-template-2200524754-6495a9e709b22938 --set config.capi.repositoryPath=./clusters/my-cluster/clusters --set config.cluster.name=kind-management-2200524754-2196 --set config.capi.baseBranch=main --set tls.enabled=false --set config.oidc.enabled=true --set config.oidc.clientCredentialsSecret=client-credentials --set config.oidc.issuerURL=https://dex-01.wge.dev.weave.works --set config.oidc.redirectURL=https://weave.gitops.enterprise.com:30080/oauth2/callback
    W0421 08:09:45.375697    5109 warnings.go:70] would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "event-writer" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "event-writer" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "event-writer" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "event-writer" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
    W0421 08:09:45.377651    5109 warnings.go:70] would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "kube-rbac-proxy" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "kube-rbac-proxy", "manager" must set securityContext.capabilities.drop=["ALL"]), seccompProfile (pod or containers "kube-rbac-proxy", "manager" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
    W0421 08:09:45.378272    5109 warnings.go:70] would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (containers "mount-ui-server", "clusters-service" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "mount-ui-server", "clusters-service" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or containers "mount-ui-server", "clusters-service" must set securityContext.runAsNonRoot=true), seccompProfile (pod or containers "mount-ui-server", "clusters-service" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
    W0421 08:09:45.385084    5109 warnings.go:70] would violate PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "nats" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (container "nats" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or container "nats" must set securityContext.runAsNonRoot=true), seccompProfile (pod or container "nats" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
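The four warnings above are the admission controller's dry-run report for the PodSecurity "restricted" profile: every container needs `allowPrivilegeEscalation=false` and `capabilities.drop=["ALL"]`, and `runAsNonRoot=true` plus a `RuntimeDefault`/`Localhost` seccomp profile must be set at pod or container level. The following checker and hardening helper is an added example (not code from the chart or the weave-gitops-enterprise project) that reproduces exactly those four rules and shows the securityContext that silences them; the sample pod spec is constructed to mirror the `mount-ui-server`/`clusters-service` pod in the warnings. It covers only the rules named in these warnings, not the full restricted profile (which also includes the baseline rules on host namespaces, privileged mode, volume types and so on).

```python
"""Check a pod spec against the four PodSecurity "restricted" rules reported in the
helm warnings, and apply the securityContext that satisfies them.

Added example; not part of the mccp chart. The sample spec below is constructed.
"""
import copy

RESTRICTED_SECCOMP_TYPES = {"RuntimeDefault", "Localhost"}


def _all_containers(pod_spec):
    # The restricted profile applies to init containers as well as app containers.
    return list(pod_spec.get("initContainers") or []) + list(pod_spec.get("containers") or [])


def restricted_violations(pod_spec):
    """Return a list of violations (empty if compliant), worded like the admission warnings.

    pod_spec is the dict under `spec:` of a Pod, or of a workload's pod template.
    For fields allowed at both levels (runAsNonRoot, seccompProfile) a container-level
    setting overrides the pod-level one, as the admission controller evaluates them.
    """
    pod_sc = pod_spec.get("securityContext") or {}
    violations = []
    for container in _all_containers(pod_spec):
        name = container.get("name", "<unnamed>")
        sc = container.get("securityContext") or {}

        # Must be explicitly false; absent is treated as a violation.
        if sc.get("allowPrivilegeEscalation") is not False:
            violations.append(f'container "{name}" must set securityContext.allowPrivilegeEscalation=false')

        # The drop list must contain ALL; adding capabilities back is a separate rule not checked here.
        drop = (sc.get("capabilities") or {}).get("drop") or []
        if "ALL" not in drop:
            violations.append(f'container "{name}" must set securityContext.capabilities.drop=["ALL"]')

        # Container value wins over pod value when both are set.
        run_as_non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if run_as_non_root is not True:
            violations.append(f'pod or container "{name}" must set securityContext.runAsNonRoot=true')

        seccomp = sc.get("seccompProfile", pod_sc.get("seccompProfile")) or {}
        if seccomp.get("type") not in RESTRICTED_SECCOMP_TYPES:
            violations.append(
                f'pod or container "{name}" must set securityContext.seccompProfile.type '
                'to "RuntimeDefault" or "Localhost"'
            )
    return violations


def harden(pod_spec):
    """Return a deep copy of pod_spec with the minimal settings the four rules require."""
    spec = copy.deepcopy(pod_spec)
    pod_sc = spec.setdefault("securityContext", {}) or {}
    spec["securityContext"] = pod_sc
    pod_sc["runAsNonRoot"] = True
    pod_sc["seccompProfile"] = {"type": "RuntimeDefault"}
    for container in _all_containers(spec):
        sc = container.setdefault("securityContext", {}) or {}
        container["securityContext"] = sc
        sc["allowPrivilegeEscalation"] = False
        caps = sc.setdefault("capabilities", {}) or {}
        sc["capabilities"] = caps
        drop = caps.setdefault("drop", [])
        if "ALL" not in drop:
            drop.append("ALL")
        # A container-level runAsNonRoot: false would override the pod-level value, so fix it too.
        if sc.get("runAsNonRoot") is False:
            sc["runAsNonRoot"] = True
    return spec


# Constructed sample: two containers with no securityContext at all, like the
# clusters-service pod in the warnings. Image names are placeholders.
SAMPLE_POD_SPEC = {
    "containers": [
        {"name": "mount-ui-server", "image": "example/ui-server:placeholder"},
        {"name": "clusters-service", "image": "example/clusters-service:placeholder"},
    ]
}

if __name__ == "__main__":
    for v in restricted_violations(SAMPLE_POD_SPEC):
        print("before:", v)
    print("after:", restricted_violations(harden(SAMPLE_POD_SPEC)) or "compliant")
```

Rendering the chart with `helm template` and feeding each pod template's `spec` to `restricted_violations` reproduces the warning list offline, which is useful for verifying a chart fix before a namespace is moved from `warn` to `enforce` for the restricted profile.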
foot commented 2 years ago

Similar fixes have been made to the CBC here: https://github.com/weaveworks/cluster-bootstrap-controller/pull/10

Should do something similar

LappleApple commented 1 year ago

Is this still an issue?