#120 : Ensure security contexts are being correctly applied across all containers
General MR
Summary
This MR fixes an insufficiency in the default test values when deploying with Kyverno enabled. The security context doesn't sufficiently drop privileges to satisfy Kyverno, which blocks deployment of the set.
Relevant logs/screenshots
Before the fix, deploying with Kyverno enabled results in failures:
62s (x16 over 3m47s) Warning FailedCreate StatefulSet/confluence create Pod confluence-0 in StatefulSet confluence failed error: admission webhook "validate.kyverno.svc-fail" denied the request:
resource Pod/confluence/confluence-0 was blocked due to the following policies
require-drop-all-capabilities:
drop-all-capabilities: 'validation failure: Containers must drop all Linux capabilities
by setting the fields spec.containers[*].securityContext.capabilities.drop, spec.initContainers[*].securityContext.capabilities.drop,
and spec.ephemeralContainers[*].securityContext.capabilities.drop to `ALL`.'
After this patch, deployment succeeds.
Linked Issue
Upgrade Notices
N/A
Closes: #120 (closed)
Edited by Jacob Kershaw
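An added example, not part of this MR or the project's code: a pre-deploy check that approximates the condition in the denial message above by walking `containers`, `initContainers` and `ephemeralContainers` of a rendered manifest and reporting every container whose `securityContext.capabilities.drop` lacks `ALL`. The manifest and the init container names are constructed, and the check is not Kyverno's own policy logic.

```python
import json

# The three container lists named in the Kyverno denial message.
CONTAINER_FIELDS = ("containers", "initContainers", "ephemeralContainers")

def pod_spec_of(manifest):
    """Return the pod spec of a Pod, or the pod template spec of a workload."""
    spec = manifest.get("spec") or {}
    if manifest.get("kind") == "Pod":
        return spec
    return (spec.get("template") or {}).get("spec") or {}

def missing_drop_all(manifest):
    """Return 'field/name' for each container whose capabilities.drop lacks ALL."""
    failures = []
    pod_spec = pod_spec_of(manifest)
    for field in CONTAINER_FIELDS:
        for container in pod_spec.get(field) or []:
            # A missing securityContext or capabilities block counts as a failure.
            caps = (container.get("securityContext") or {}).get("capabilities") or {}
            if "ALL" not in (caps.get("drop") or []):
                failures.append(f"{field}/{container.get('name', '?')}")
    return failures

# Constructed sample: container names other than "confluence" are made up.
SAMPLE = json.loads("""
{
  "kind": "StatefulSet",
  "metadata": {"name": "confluence"},
  "spec": {"template": {"spec": {
    "initContainers": [
      {"name": "init-volume"},
      {"name": "init-config",
       "securityContext": {"capabilities": {"drop": ["NET_RAW"]}}}
    ],
    "containers": [
      {"name": "confluence",
       "securityContext": {"capabilities": {"drop": ["ALL"]}}}
    ]
  }}}
}
""")

if __name__ == "__main__":
    for item in missing_drop_all(SAMPLE):
        print("does not drop ALL:", item)
```

Feeding it the JSON form of a rendered chart before applying it catches the case where only the main container carries the hardened security context.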