
Run hazelcast in restricted Pod Security Standard namespace

Open focdanisch opened this issue 11 months ago • 0 comments

Hello,

this issue refers to the closed issue #425. That issue was opened and immediately closed as completed. But I do not see any changes in the mentioned chart templates. If I look at the first and second usage of .Values.securityContext.enabled, I see that there are variables that can be overridden by the user. But there seems to be no obvious way to add custom settings to the securityContext. When I deploy the chart with the default values into a "normal", unrestricted namespace (without any labels), this works as expected. But if I try to set the Pod Security Standard on this namespace to restricted using the recommended command

kubectl label --dry-run=server --overwrite ns testing pod-security.kubernetes.io/enforce=restricted

I get a warning saying:

Warning: demo-hazelcast-0 (and 2 other pods): seccompProfile

This is because the securityContext is missing the required seccompProfile setting. Now issue #425 unfortunately does not provide any further information on how that can be accomplished. I would be required to add something like

template:
  spec:
    containers:
      # containers is a list, so the securityContext belongs to a list item
      - securityContext:
          seccompProfile:
            type: RuntimeDefault

to the existing settings, but the current chart does not seem to provide such an enhancement. Could you please elaborate on how I can add the seccompProfile setting?

focdanisch, Jan 27 '25 11:01
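Added example, not part of the original issue and not the chart's or Kubernetes' own code: a Python check that follows the restricted Pod Security Standard's documented seccomp rule, showing what the `seccompProfile` warning reacts to and that the profile can be set either at pod level or on every container. The pod specs and container names below are constructed for illustration and are not the chart's rendered output.

```python
# Values the restricted Pod Security Standard accepts for seccompProfile.type.
ALLOWED = {"RuntimeDefault", "Localhost"}

def _seccomp_type(obj):
    """Return securityContext.seccompProfile.type of a pod spec or container, or None."""
    return ((obj.get("securityContext") or {}).get("seccompProfile") or {}).get("type")

def seccomp_violations(pod_spec):
    """List the reasons a pod spec fails the restricted seccompProfile requirement."""
    problems = []
    pod_type = _seccomp_type(pod_spec)
    if pod_type is not None and pod_type not in ALLOWED:
        problems.append(f"pod: seccompProfile.type={pod_type}")
    pod_ok = pod_type in ALLOWED
    for field in ("initContainers", "containers", "ephemeralContainers"):
        for c in pod_spec.get(field) or []:
            ctype = _seccomp_type(c)
            if ctype is None:
                # An unset container is only acceptable if the pod level sets a valid profile.
                if not pod_ok:
                    problems.append(f"{field}/{c['name']}: seccompProfile not set")
            elif ctype not in ALLOWED:
                # An explicit container value overrides the pod level, so it is checked on its own.
                problems.append(f"{field}/{c['name']}: seccompProfile.type={ctype}")
    return problems

# Constructed pod specs (spec part of a Pod or of a StatefulSet's template).
UNSET = {  # other hardening present, seccompProfile missing everywhere
    "securityContext": {"runAsNonRoot": True},
    "containers": [{"name": "hazelcast",
                    "securityContext": {"allowPrivilegeEscalation": False}}],
}
POD_LEVEL = {  # one pod-level setting covers every container
    "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "hazelcast"}],
}
CONTAINER_LEVEL = {  # the form sketched in the issue
    "containers": [{"name": "hazelcast",
                    "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}}}],
}
OVERRIDE = {  # valid pod level, but a hypothetical sidecar opts out
    "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "hazelcast"},
                   {"name": "sidecar",
                    "securityContext": {"seccompProfile": {"type": "Unconfined"}}}],
}

if __name__ == "__main__":
    for label, spec in [("unset", UNSET), ("pod-level", POD_LEVEL),
                        ("container-level", CONTAINER_LEVEL), ("override", OVERRIDE)]:
        print(label, seccomp_violations(spec) or "ok")
```

The same function can be fed the `spec.template.spec` of a rendered StatefulSet after loading the manifest into a dict.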