falcon-helm
Falcon Sensor helm chart to support additional securityContext flags via values
We are using Kyverno to enforce some policies for every workload running in our Kubernetes clusters. As confirmed, the Falcon sensor probably requires that privileged root access to operate, which we understand. But we tried explicitly setting the seccompProfile to RuntimeDefault to comply with Kyverno, and just to do that we had to modify the template; it was not doable via values.yaml. Just for that small change we have to pull the chart and modify the templates, which is a bit of an overhead in the long run. We want to be able to use the remote chart as a dependency and add things like network policies, sealed secrets etc. on top.
Just adding something like this:
{{- if .Values.node.daemonset.containerSecurityContext }}
{{- toYaml .Values.node.daemonset.containerSecurityContext | nindent 10}}
{{- else }}
at https://github.com/CrowdStrike/falcon-helm/blob/afeb85dc041d4fe4f2dffe00cb1fce12764f83ab/helm-charts/falcon-sensor/templates/daemonset.yaml#L123 and something equivalent for initContainers will help us use the chart without having to modify the templates.
Hello,
We don't support modification of the securityContext as every securityContext has to be tested internally. We also don't support setting seccomp policies as not only do they not work for privileged mode, but they also are disabled for many k8s distros/container runtimes for privileged workloads. Privileged containers run as Unconfined in seccomp.
Closing this as the supported securityContexts have been added in #263
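The maintainer's point is that a seccompProfile declared on a privileged container is never applied, so a policy check that only looks for the field being set gives a false sense of confinement. The following is an added example (not code from the falcon-helm project) that audits a pod spec, given as a constructed Python dict, and reports the declared versus effective seccomp profile per container; the helper names are assumptions.

```python
# Added example (not part of the falcon-helm project): audit a workload's
# containers for seccomp settings that are silently ineffective because the
# container runs privileged, as the maintainer's reply describes.

# Constructed sample: pod-level RuntimeDefault, a privileged init container,
# a privileged sensor container that also declares RuntimeDefault itself,
# and a non-privileged sidecar that inherits the pod-level profile.
SAMPLE_SPEC = {
    "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
    "initContainers": [
        {"name": "init", "securityContext": {"privileged": True}},
    ],
    "containers": [
        {"name": "falcon-sensor",
         "securityContext": {"privileged": True,
                             "seccompProfile": {"type": "RuntimeDefault"}}},
        {"name": "sidecar", "securityContext": {"runAsNonRoot": True}},
    ],
}


def effective_seccomp(pod_spec, container):
    """Return (declared, effective) seccomp profile type for one container.

    A container-level seccompProfile overrides the pod-level one; with neither
    set, the container is Unconfined unless the kubelet applies a default.
    A privileged container runs Unconfined regardless of what is declared.
    """
    ctx = container.get("securityContext") or {}
    pod_ctx = pod_spec.get("securityContext") or {}
    profile = ctx.get("seccompProfile") or pod_ctx.get("seccompProfile") or {}
    declared = profile.get("type", "Unconfined")
    effective = "Unconfined" if ctx.get("privileged") else declared
    return declared, effective


def audit(pod_spec):
    """List (name, declared, effective, note) for init and main containers."""
    findings = []
    for kind in ("initContainers", "containers"):
        for c in pod_spec.get(kind, []):
            declared, effective = effective_seccomp(pod_spec, c)
            if declared != effective:
                note = "seccompProfile ignored: container is privileged"
            elif effective == "Unconfined":
                note = "no seccomp confinement"
            else:
                note = "ok"
            findings.append((c["name"], declared, effective, note))
    return findings
```

Running `audit(SAMPLE_SPEC)` flags both privileged containers as effectively Unconfined despite the RuntimeDefault declaration, which is the condition a Kyverno-style policy should test for rather than the mere presence of the field.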