securityContext for namespaces with pod security restricted #1034

@maitredede

Hello,

In a namespace with the label pod-security.kubernetes.io/enforce: restricted, the cockroachdb cluster created by the operator does not start:

```
create Pod crdb-0 in StatefulSet crdb failed error: pods "crdb-0" is forbidden: violates PodSecurity "restricted:latest": allowPrivilegeEscalation != false (container "db" must set securityContext.allowPrivilegeEscalation=false), unrestricted capabilities (containers "db-init", "db" must set securityContext.capabilities.drop=["ALL"]), runAsNonRoot != true (pod or containers "db-init", "k8tz", "db" must set securityContext.runAsNonRoot=true), runAsUser=0 (container "db-init" must not set runAsUser=0), seccompProfile (pod or containers "db-init", "db" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
```

Is there a way to update the pods' and containers' securityContext to match the requirements? It seems that in the crdb Helm chart these values are properly populated.
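The admission error above lists exactly which `restricted` profile rules the pod spec fails. The checker below is an added example, not code from the issue or from the cockroachdb operator: it applies those same rules (allowPrivilegeEscalation, capabilities.drop, runAsNonRoot, runAsUser=0, seccompProfile) to a pod spec expressed as Python dicts, so a manifest can be checked before it hits the admission controller. Both pod specs are constructed to mirror the error message and a hardened counterpart; they are not the operator's real manifests, and the container names are taken only from the error text.

```python
"""Offline checker for the PodSecurity "restricted" rules named in the
admission error above. Added example; not part of the cockroachdb operator
or the issue. Pod specs below are constructed for illustration.
"""

RESTRICTED_SECCOMP_TYPES = ("RuntimeDefault", "Localhost")


def _ctx(obj):
    """securityContext of a pod spec or container, or {} if unset."""
    return obj.get("securityContext") or {}


def restricted_violations(pod_spec):
    """Return human-readable violations for a Pod .spec dict.

    Rules follow the error message: allowPrivilegeEscalation and
    capabilities.drop are container-level; runAsNonRoot and seccompProfile
    may be satisfied at pod level unless a container overrides them;
    runAsUser=0 is forbidden at both levels.
    """
    problems = []
    pod_ctx = _ctx(pod_spec)
    if pod_ctx.get("runAsUser") == 0:
        problems.append("pod must not set runAsUser=0")

    containers = pod_spec.get("initContainers", []) + pod_spec.get("containers", [])
    for c in containers:
        name = c.get("name", "<unnamed>")
        ctx = _ctx(c)
        if ctx.get("allowPrivilegeEscalation") is not False:
            problems.append(f'container "{name}" must set securityContext.allowPrivilegeEscalation=false')
        drop = (ctx.get("capabilities") or {}).get("drop") or []
        if "ALL" not in drop:
            problems.append(f'container "{name}" must set securityContext.capabilities.drop=["ALL"]')
        # Container value wins over the pod value when both are present.
        if ctx.get("runAsNonRoot", pod_ctx.get("runAsNonRoot")) is not True:
            problems.append(f'pod or container "{name}" must set securityContext.runAsNonRoot=true')
        if ctx.get("runAsUser") == 0:
            problems.append(f'container "{name}" must not set runAsUser=0')
        seccomp = ctx.get("seccompProfile", pod_ctx.get("seccompProfile")) or {}
        if seccomp.get("type") not in RESTRICTED_SECCOMP_TYPES:
            problems.append(f'pod or container "{name}" must set securityContext.seccompProfile.type '
                            f'to "RuntimeDefault" or "Localhost"')
    return problems


# Constructed spec reproducing the shape of the rejected pod in the error
# message: db-init runs as uid 0, k8tz only lacks runAsNonRoot, db sets nothing.
VIOLATING_SPEC = {
    "initContainers": [
        {"name": "db-init", "securityContext": {"runAsUser": 0, "allowPrivilegeEscalation": False}},
    ],
    "containers": [
        {"name": "k8tz", "securityContext": {
            "allowPrivilegeEscalation": False,
            "capabilities": {"drop": ["ALL"]},
            "seccompProfile": {"type": "RuntimeDefault"},
        }},
        {"name": "db"},
    ],
}

# Constructed hardened spec: pod-level runAsNonRoot/seccompProfile plus the
# two container-level settings the restricted profile requires on every container.
_HARDENED_CONTAINER_CTX = {
    "allowPrivilegeEscalation": False,
    "capabilities": {"drop": ["ALL"]},
}
HARDENED_SPEC = {
    "securityContext": {
        "runAsNonRoot": True,
        "seccompProfile": {"type": "RuntimeDefault"},
    },
    "initContainers": [
        {"name": "db-init", "securityContext": {**_HARDENED_CONTAINER_CTX, "runAsUser": 1000}},
    ],
    "containers": [
        {"name": "k8tz", "securityContext": dict(_HARDENED_CONTAINER_CTX)},
        {"name": "db", "securityContext": dict(_HARDENED_CONTAINER_CTX)},
    ],
}


if __name__ == "__main__":
    for label, spec in (("violating", VIOLATING_SPEC), ("hardened", HARDENED_SPEC)):
        found = restricted_violations(spec)
        print(f"{label}: {len(found)} violation(s)")
        for p in found:
            print("  -", p)
```

Running the block prints nine violations for the constructed spec that mirrors the error (four for `db-init`, one for `k8tz`, four for `db`) and none for the hardened spec; the point of the hardened spec is that `runAsNonRoot` and `seccompProfile` only need to be set once at pod level, while `allowPrivilegeEscalation` and `capabilities.drop` must be repeated on each container, init containers included.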
