Skip to content

feat(helm): improve restricted security context support #42110

Description

@attilaolah

Please provide a way to apply restrictive security contexts consistently to all chart-managed pods and containers, including init jobs and built-in init containers.

Ideally, the chart could ship restricted-compatible defaults out of the box:

  • runAsNonRoot: true
  • allowPrivilegeEscalation: false
  • capabilities.drop: ["ALL"]
  • seccompProfile.type: RuntimeDefault
  • non-root UID/GID where supported by the image

At minimum, please add values that let users set default pod/container security contexts for every workload and every built-in init container without replacing upstream init container definitions. This would make the chart easier to run in namespaces enforcing Kubernetes restricted Pod Security.

Metadata

Metadata

Assignees

No one assigned

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions