cert-manager needs securityContext.runAsRoot for standard BB kyverno policies
Kyverno will block cert-manager pods from being admitted to the cluster, failing on the securityContext runAsGroup rule.
We should set the securityContext runAsUser and runAsGroup for all pods since cert-manager does not use the root user.
Looking at the IB containers, we could set these values by default:
securityContext:
runAsUser: 65532
runAsGroup: 65532
webhook:
securityContext:
runAsUser: 65532
runAsGroup: 65532
cainjector:
securityContext:
runAsUser: 65532
runAsGroup: 65532
startupapicheck:
securityContext:
runAsUser: 65532
runAsGroup: 65532