Some of the kubectl jobs are using root user
Summary
Our kubectl CNG image currently doesn't specify a run user by default. This results in it being run as root unless the k8s system its running on sets the user.
For our shared-secrets jobs we do set the image to be the nobody users, but several of our other uses of the image have do not have a securityContext set. (self signed cert job, pause jobs, and issuer job)
We should:
- Ensure all these work in charts with a security context set to the nobody user.
- Consider updating our kubectl image to default to this user.