How to update kubernetes pod securityContext of vault agent init container


We want to change the spec.initContainers[*].securityContext in the vault-agent-init container that runs as a init container to inject secrets into application pod. We are using Vault helm chart to deploy vault and it has securityContext configuration for injector pod and vault statefulset. Couldn’t find anything to configure the same for the init containers here.

I can see that the pod has the below securityContext

  allowPrivilegeEscalation: false
    - ALL
  readOnlyRootFilesystem: true
  runAsGroup: 1000
  runAsNonRoot: true
  runAsUser: 100

which is missing

  type: RuntimeDefault

based on the restricted pod security standards

Need to know a way to add the seccompProfile to the init container

Please see Add ability to run Vault Agent Sidecar in the namespace compliant with restricted Pod Security Standard · Issue #377 · hashicorp/vault-k8s · GitHub

1 Like