configuration for securityContext in the CRD for all pods created by operator 

## Problem Statement
I want to be able to set `securityContext` so pods can be set up to run as NonRoot for security reasons. There are a couple of places where there is no such configuration possible, although there do not seem to be obvious restrictions. Example: the CruiseControler monitoring config init-container is configured using [.spec.monitoringConfig](https://banzaicloud.github.io/koperator-docs/docs/configurations/crd/kafkaclusters.kafka.banzaicloud.io/#v1beta1-.spec.monitoringConfig) which [does not support a securityContext](https://github.com/banzaicloud/koperator/blob/master/pkg/resources/kafka/pod.go#L188-L198). There are most likely other places where security configuration is not possible to add. 

## Proposed Solution

Add ability to configure the `securityContext` to all containers and init-containers created by the operator.

## Alternatives Considered

Ideally it would be to have the ability to configure  the `KafkaCluster` CR so that it would pass the `restricted` profile of [Pod Security Standards](https://kubernetes.io/docs/concepts/security/pod-security-standards/).

## Additional Context

A similar initiative is tracked in https://github.com/banzaicloud/koperator/issues/430 and https://github.com/banzaicloud/koperator/issues/138 and implemented in https://github.com/banzaicloud/koperator/pull/527 but does not covered all scenarios (see above described scenario). An ideal test would be that all containers pass PSS.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

configuration for securityContext in the CRD for all pods created by operator #1075

Problem Statement

Proposed Solution

Alternatives Considered

Additional Context

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development