Configure securityContext by default for implementing Pod Security Standard

[avthart]

In compliant Kubernetes clusters, workloads should run as secure as possible.
Therefore, it would be great if hivemq and the operator can be compliant with the Pod Security Standard restricted profile (if possible).

See https://kubernetes.io/docs/concepts/security/pod-security-standards/

[avthart]

Currently it is possible to set the podSecurityContext but it is not possible to set the containerSecurityContext (e.g. drop all capabilities, allowPrivilegeEscalation to false).

[afalhambra-hivemq]

Thanks @avthart - Indeed, that's a valid point to improve the Pod Security Standard of our platform.
That's something we are not directly supporting via our Helm charts. I will work on this to provide support for the Container Security Context as well.

In the meantime, if you need that, you can always override the whole StatefulSet as mentioned in our HiveMQ documentation. Bear in mind, that doing so, you need to align the different service configuration you also may have in your custom chart values with the ones you define in your override StatefulSet.

[avthart]

Thanks. Will look into this!