chore: generate

Signed-off-by: Mike Beaumont <mjboamail@gmail.com>

app/kumactl/cmd/install/testdata/install-control-plane.cni-enabled.golden.yaml

@@ -479,6 +479,8 @@ spec:
       # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
       # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
       terminationGracePeriodSeconds: 5
+      securityContext:
+        {}
       containers:
         - name: install-cni
           image: "docker.io/kumahq/kuma-cni:0.0.1"
@@ -491,6 +493,11 @@ spec:
                 - /tmp/ready
           command: [ "sh", "-c", "--" ]
           args: [ "sleep 0 && exec /install-cni" ]
+          securityContext:
+            readOnlyRootFilesystem: true
+            runAsGroup: 0
+            runAsNonRoot: false
+            runAsUser: 0
           env:
             # Name of the CNI config file to create.
             - name: CNI_CONF_NAME
@@ -519,6 +526,8 @@ spec:
               name: cni-bin-dir
             - mountPath: /host/etc/cni/net.d
               name: cni-net-dir
+            - name: tmp
+              mountPath: /tmp
       volumes:
         # Used to install CNI.
         - name: cni-bin-dir
@@ -527,6 +536,8 @@ spec:
         - name: cni-net-dir
           hostPath:
             path: /etc/cni/multus/net.d
+        - name: tmp
+          emptyDir: {}
 ---
 apiVersion: apps/v1
 kind: Deployment

app/kumactl/cmd/install/testdata/install-control-plane.cni-legacy-enabled.golden.yaml

@@ -467,12 +467,19 @@ spec:
       # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
       # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
       terminationGracePeriodSeconds: 5
+      securityContext:
+        {}
       containers:
         - name: install-cni
           image: "docker.io/kumahq/install-cni:0.0.10"
           imagePullPolicy: IfNotPresent
           command: [ "/bin/sh", "-c", "--" ]
           args: [ "sleep 0 && exec /install-cni.sh" ]
+          securityContext:
+            readOnlyRootFilesystem: true
+            runAsGroup: 0
+            runAsNonRoot: false
+            runAsUser: 0
           env:
             # Name of the CNI config file to create.
             - name: CNI_CONF_NAME
@@ -501,6 +508,8 @@ spec:
               name: cni-bin-dir
             - mountPath: /host/etc/cni/net.d
               name: cni-net-dir
+            - name: tmp
+              mountPath: /tmp
       volumes:
         # Used to install CNI.
         - name: cni-bin-dir
@@ -509,6 +518,8 @@ spec:
         - name: cni-net-dir
           hostPath:
             path: /etc/cni/multus/net.d
+        - name: tmp
+          emptyDir: {}
 ---
 apiVersion: apps/v1
 kind: Deployment

app/kumactl/cmd/install/testdata/install-control-plane.dump-values.yaml

@@ -334,27 +334,13 @@ cni:
 
   # -- Security context at the pod level for cni
   podSecurityContext: {}
-#    # The values below are examples. More values can be added as needed, since the field resolves as free form.
-#    runAsNonRoot: true
-#    runAsUser: 1000
-#    runAsGroup: 3000
-#    fsGroup: 2000
-#    fsGroupChangePolicy:
-#    # to support additional pod level securityContext parameters, please check:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#podsecuritycontext-v1-core
 
   # -- Security context at the container level for cni
-  containerSecurityContext: {} # for overlapping securityContext between pod and container, the container's value take precedence
-#    # The values below are examples. More values can be added as needed, since the field resolves as free form.
-#    allowPrivilegeEscalation: false
-#    capabilities:
-#      drop:
-#        - all
-#    readOnlyRootFilesystem: true
-#    privileged: false
-#    runAsNonRoot: true
-#    runAsUser: 1000
-#    runAsGroup: 3000
-#    # to support additional container level securityContext parameters, please check:https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.23/#securitycontext-v1-core
+  containerSecurityContext:
+    readOnlyRootFilesystem: true
+    runAsNonRoot: false
+    runAsUser: 0
+    runAsGroup: 0
 
 dataPlane:
   image:

app/kumactl/cmd/install/testdata/install-cp-helm/fix4935.golden.yaml

@@ -549,6 +549,8 @@ spec:
       # Minimize downtime during a rolling upgrade or deletion; tell Kubernetes to do a "force
       # deletion": https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods.
       terminationGracePeriodSeconds: 5
+      securityContext:
+        {}
       containers:
         - name: install-cni
           image: "docker.io/kumahq/kuma-cni:0.0.1"
@@ -561,6 +563,11 @@ spec:
                 - /tmp/ready
           command: [ "sh", "-c", "--" ]
           args: [ "sleep 0 && exec /install-cni" ]
+          securityContext:
+            readOnlyRootFilesystem: true
+            runAsGroup: 0
+            runAsNonRoot: false
+            runAsUser: 0
           env:
             # Name of the CNI config file to create.
             - name: CNI_CONF_NAME
@@ -589,6 +596,8 @@ spec:
               name: cni-bin-dir
             - mountPath: /host/etc/cni/net.d
               name: cni-net-dir
+            - name: tmp
+              mountPath: /tmp
       volumes:
         # Used to install CNI.
         - name: cni-bin-dir
@@ -597,6 +606,8 @@ spec:
         - name: cni-net-dir
           hostPath:
             path: /etc/cni/multus/net.d
+        - name: tmp
+          emptyDir: {}
 ---
 apiVersion: apps/v1
 kind: Deployment