helm: default to pss-baseline

[jcpunk]

As I understand it the container needs to run as root, so restricted isn't possible.

Having the helm chart default to https://kubernetes.io/docs/concepts/security/pod-security-standards/#baseline would provide some level of assurance that default hardening is occurring.

I'd love to see things that are workable from restricted (such as readOnlyRootFilesystem) set by default as well.

[github-actions]

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

[jcpunk]

I'd still like to see this

[github-actions]

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

[jcpunk]

I'd still like to see this

[github-actions]

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.