We need to update all helm chart modules (and all charts ofc.) to be compatible with the restricted PSS profile.
As far as I can tell rn this is mostly adding a proper securityContext to all containers:
securityContext: allowPrivilegeEscalation: false capabilities: drop: - ALL runAsNonRoot: true seccompProfile: type: RuntimeDefault
There is another "update everything" task at: T346638: Rename the envoy's uses_ingress option to sets_sni to cross check for synergy effects...