How to update Kubernetes pod securityContext of vault agent init container

Hi,

We want to change spec.initContainers[*].securityContext in the vault-agent-init container, which runs as an init container to inject secrets into the application pod. We are using the Vault Helm chart to deploy Vault, and it has securityContext configuration for the injector pod and the Vault StatefulSet. I couldn’t find anything to configure the same for the init containers here.

I can see that the pod has the securityContext below

securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL
  readOnlyRootFilesystem: true
  runAsGroup: 1000
  runAsNonRoot: true
  runAsUser: 100

which is missing

seccompProfile:
  type: RuntimeDefault

based on the restricted Pod Security Standard.

I need to know a way to add the seccompProfile to the init container.
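Added example, not part of the original post or of the Vault Helm chart: it models the restricted Pod Security Standard seccomp rule (every container, init containers included, needs an effective seccompProfile.type of RuntimeDefault or Localhost, and a container with no profile of its own inherits the pod-level spec.securityContext.seccompProfile). It assumes the injected vault-agent-init container leaves seccompProfile unset at container level, so a pod-level profile on the application pod template is inherited; the pod spec is constructed from the securityContext quoted above.

```python
import copy

ALLOWED = {"RuntimeDefault", "Localhost"}  # types the restricted PSS accepts


def effective_seccomp(pod, container):
    """Seccomp profile type that applies to one container: the container's own
    securityContext.seccompProfile wins, otherwise the pod-level one is inherited."""
    own = (container.get("securityContext") or {}).get("seccompProfile") or {}
    pod_level = (pod["spec"].get("securityContext") or {}).get("seccompProfile") or {}
    return own.get("type") or pod_level.get("type")


def seccomp_violations(pod):
    """Names of containers, init containers included, whose effective profile
    is not one the restricted Pod Security Standard allows."""
    spec = pod["spec"]
    every = spec.get("initContainers", []) + spec.get("containers", [])
    return [c["name"] for c in every if effective_seccomp(pod, c) not in ALLOWED]


def with_pod_level_seccomp(pod, profile="RuntimeDefault"):
    """Copy of the pod with spec.securityContext.seccompProfile set; every
    container that has no profile of its own then inherits it."""
    fixed = copy.deepcopy(pod)
    fixed["spec"].setdefault("securityContext", {})["seccompProfile"] = {"type": profile}
    return fixed


# Constructed pod modelled on the post: the injected init container carries the
# securityContext quoted above (no seccompProfile) and the pod sets none either.
INIT_CONTEXT = {
    "allowPrivilegeEscalation": False,
    "capabilities": {"drop": ["ALL"]},
    "readOnlyRootFilesystem": True,
    "runAsGroup": 1000,
    "runAsNonRoot": True,
    "runAsUser": 100,
}
APP_POD = {"spec": {
    "initContainers": [{"name": "vault-agent-init", "securityContext": dict(INIT_CONTEXT)}],
    "containers": [{"name": "app",
                    "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}}}],
}}

if __name__ == "__main__":
    print("before:", seccomp_violations(APP_POD))                          # ['vault-agent-init']
    print("after: ", seccomp_violations(with_pod_level_seccomp(APP_POD)))  # []
```

Whether the injected container really leaves the field unset is something to confirm on the running pod (kubectl get pod -o yaml), since a container-level value always overrides the pod-level one.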

Please see Add ability to run Vault Agent Sidecar in the namespace compliant with restricted Pod Security Standard · Issue #377 · hashicorp/vault-k8s · GitHub
