Description
While main components can set pod/container securityContext as needed, it is not settable for spawned statefulsets, where the security context is hardcoded and it is not sufficient for root-less environments.
Would it be possible to make it either settable or provide the rootless option where:
- init container is omitted (cannot do chown without root anyway)
- security context is set to:
```yaml
securityContext: # Pod security context
  fsGroupChangePolicy: OnRootMismatch
  runAsNonRoot: true
  fsGroup: 1001 # this one will do the initcontainer job if the CSI driver is correctly configured
  seccompProfile:
    type: RuntimeDefault
```
and
```yaml
securityContext: # Container security context
  runAsUser: 1001
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
```
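Added example, not part of the original issue or the project's code: a small audit that checks a pod template spec (the dict form of a StatefulSet's `.spec.template.spec`) against the rootless settings listed above. The function name, the sample specs and the `chown-data` init container are constructed for illustration.

```python
# Added example: audit a pod template spec against the rootless settings
# requested in this issue. Input is a plain dict (e.g. parsed from JSON).

def rootless_violations(pod_spec):
    """Return a list of findings; an empty list means the spec is rootless-ready."""
    findings = []
    pod_sc = pod_spec.get("securityContext") or {}
    containers = [("initContainer", c) for c in pod_spec.get("initContainers") or []]
    containers += [("container", c) for c in pod_spec.get("containers") or []]
    for kind, c in containers:
        sc = c.get("securityContext") or {}
        where = f"{kind} {c.get('name', '?')}"
        # Container-level values override pod-level ones for these fields.
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        run_as_user = sc.get("runAsUser", pod_sc.get("runAsUser"))
        seccomp = (sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}).get("type")
        if run_as_user == 0:
            findings.append(f"{where}: runAsUser is 0")
        if non_root is not True:
            findings.append(f"{where}: runAsNonRoot is not true")
        # allowPrivilegeEscalation and capabilities exist only at container level.
        if sc.get("allowPrivilegeEscalation") is not False:
            findings.append(f"{where}: allowPrivilegeEscalation is not false")
        drops = [d.upper() for d in (sc.get("capabilities") or {}).get("drop") or []]
        if "ALL" not in drops:
            findings.append(f"{where}: capabilities do not drop ALL")
        if seccomp not in ("RuntimeDefault", "Localhost"):
            findings.append(f"{where}: seccompProfile is unset or Unconfined")
    return findings

# Constructed sample: the settings proposed in the issue.
ROOTLESS = {
    "securityContext": {"fsGroupChangePolicy": "OnRootMismatch", "runAsNonRoot": True,
                        "fsGroup": 1001, "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "app", "securityContext": {
        "runAsUser": 1001, "allowPrivilegeEscalation": False,
        "capabilities": {"drop": ["ALL"]}}}],
}
# Constructed sample: a root init container doing chown, no pod-level context.
ROOT_INIT = {
    "securityContext": {},
    "initContainers": [{"name": "chown-data", "securityContext": {"runAsUser": 0}}],
    "containers": ROOTLESS["containers"],
}

if __name__ == "__main__":
    for name, spec in (("rootless", ROOTLESS), ("root-init", ROOT_INIT)):
        print(name, rootless_violations(spec) or "OK")
```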