Add security context to the init-container of the env injector

[ghostfrik]

Is it possible to add security context to the init container?

We have applied some security policies to our AKS cluster. We managed to configure the security context for the akv2k8s deployments (the injector and the controller are running fine), but the side-container that gets deployed with our main application to inject the environment variables does not have any.

Is there a way to add these to the init-container?

allowPrivilegeEscalation: false 
runAsUser: 65534
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true

I am using the helm chart version 2.2.0, appVersion: 1.3.1

[Speeddymon]

https://open-policy-agent.github.io/gatekeeper/website/docs/mutation/ may help if you're running Gatekeeper (or your cloud provider's gatekeeper offering e.g. Azure Policy for Kubernetes) in your cluster.

[ghostfrik]

https://open-policy-agent.github.io/gatekeeper/website/docs/mutation/ may help if you're running Gatekeeper (or your cloud provider's gatekeeper offering e.g. Azure Policy for Kubernetes) in your cluster.

We have decided to change the source code of the plugin or basically implement what has been requested in #282 with some additional tags (like the readonly filesystem), because the injector does not work properly with some of the security tags.