Support configuration of securityContext on calico installations #2720

Open
clayvan opened this issue Jul 7, 2023 · 1 comment
Labels
good first issue Good for newcomers kind/enhancement New feature or request

Comments

clayvan commented Jul 7, 2023

As it stands today, we can only update specs like securityContext on the tigera operator itself, but the installation of calico components such as calico-kube-controllers is unable to configure settings like securityContext.

Expected Behavior

I would like a new installation property for each of typha, node, kube-controllers, etc to be allowed to configure the securityContext.

Current Behavior

Currently, if we try to use a "hardened" image that runs as non-root, kube-controllers throws an error of `open /status/status.json: permission denied` and cannot write the readiness check, so it ends up in a crash loop. All I need is to set the securityContext to avoid this, but it's impossible via the Tigera operator.

Member

tmjd commented Jul 7, 2023

That sounds like a good feature that could be added. I'd assume that could be new fields in the Installation resource under `calicoNodeDaemonSet`, `csiNodeDriverDaemonSet`, `calicoKubeControllersDeployment`, `typhaDeployment`, and others like those. They mimic the K8s definitions of those resource types so it is probably obvious what the field names would be and the existing code should provide good examples. I would be happy to review a PR, though I'd first suggest a draft PR with the API changes.
