Running the Strimzi Cluster Operator with a restricted profile
You run the Strimzi Cluster Operator with a restricted profile by configuring the securityContext Helm properties.
By default, the Strimzi Cluster Operator runs with the baseline profile.
However, the Helm templates allow customizing the security context of the Strimzi
Cluster Operator with the securityContext
properties. You run the
Strimzi Cluster Operator with a restricted profile by specifying appropriate privileges
with helm upgrade.
helm upgrade [***RELEASE***] [***CHART***] --namespace [***NAMESPACE***] \
--set watchAnyNamespace=true
--set securityContext.allowPrivilegeEscalation=false \
--set securityContext.capabilities.drop={ALL} \
--set securityContext.runAsNonRoot=true \
--set securityContext.seccompProfile.type=RuntimeDefault