Please provide a way to apply restrictive security contexts consistently to all chart-managed pods and containers, including init jobs and built-in init containers.
Ideally, the chart could ship restricted-compatible defaults out of the box:
runAsNonRoot: true
allowPrivilegeEscalation: false
capabilities.drop: ["ALL"]
seccompProfile.type: RuntimeDefault
- non-root UID/GID where supported by the image
At minimum, please add values that let users set default pod/container security contexts for every workload and every built-in init container without replacing upstream init container definitions. This would make the chart easier to run in namespaces enforcing Kubernetes restricted Pod Security.
Please provide a way to apply restrictive security contexts consistently to all chart-managed pods and containers, including init jobs and built-in init containers.
Ideally, the chart could ship restricted-compatible defaults out of the box:
runAsNonRoot: trueallowPrivilegeEscalation: falsecapabilities.drop: ["ALL"]seccompProfile.type: RuntimeDefaultAt minimum, please add values that let users set default pod/container security contexts for every workload and every built-in init container without replacing upstream init container definitions. This would make the chart easier to run in namespaces enforcing Kubernetes
restrictedPod Security.