This repository has been archived by the owner on Sep 2, 2022. It is now read-only.

SecurityContext only partly applied to Jobmanager / Taskmanager #453

Open
timsn opened this issue Jun 10, 2021 · 0 comments

timsn commented Jun 10, 2021

To comply with our policies I have set several securityContext settings, such as on the Jobmanager, Taskmanager and Job. The CRD clearly allows setting the securityContext for all the needed resources (see the CRD docs here).
But when I set them in the FlinkCluster resource and inspect the deployment created by the operator only some of them seem to be applied.

For example the Jobmanager part in my flink-cluster.yaml looks like this:

jobManager:
  accessScope: Cluster
  securityContext:
    runAsNonRoot: true
    runAsUser: 9999
    runAsGroup: 9999
    privileged: false
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    capabilities:
      drop:
        - all
  ports:
    ui: 8081
  resources:
    requests:
      memory: "1024Mi"
      cpu: "200m"
    limits:
      memory: "1024Mi"

And if I inspect the created Jobmanager I can only find these securityContext settings set:

$ kubectl get pod flinksessioncluster-jobmanager-0 -o yaml

Output:

[...]
securityContext:
  runAsGroup: 9999
  runAsNonRoot: true
  runAsUser: 9999

So for example dropping the capabilities isn't applied at all even if it seems to be part of the CRD:

securityContext:
  properties:
    allowPrivilegeEscalation:
      type: boolean
    capabilities:
      properties:
        add:
          items:
            type: string
          type: array
        drop:
          items:
            type: string
          type: array
      type: object
    privileged:
      type: boolean
    procMount:
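The report above only quotes the pod-level `securityContext`, and in the Kubernetes API that object (PodSecurityContext) has no fields for `privileged`, `allowPrivilegeEscalation`, `readOnlyRootFilesystem` or `capabilities`; those exist only on a container's `securityContext`. The following added checker (not part of the issue or of the operator's code) takes the requested block and a pod document and reports, per key, whether the effective value on every container is applied, missing or mismatched, so a reviewer can verify that the hardening actually landed. The `REQUESTED` block is taken from the issue's YAML; the `OBSERVED_POD` document is constructed from the quoted `kubectl` output, and its container entry (name and image) is an assumption because the issue does not show that part.

```python
"""Check which requested securityContext settings actually apply to a pod.

Added example, not the operator's code. Input documents are constructed
inline; in practice they would come from `kubectl get ... -o json`.
"""
import copy
import json

# Fields Kubernetes accepts in pod.spec.securityContext (PodSecurityContext).
POD_LEVEL_FIELDS = {
    "runAsUser", "runAsGroup", "runAsNonRoot", "fsGroup", "fsGroupChangePolicy",
    "supplementalGroups", "seLinuxOptions", "seccompProfile", "sysctls",
    "windowsOptions",
}
# Fields Kubernetes accepts only in a container's securityContext.
CONTAINER_ONLY_FIELDS = {
    "privileged", "allowPrivilegeEscalation", "readOnlyRootFilesystem",
    "capabilities", "procMount",
}

# Taken from the jobManager.securityContext block quoted in the issue.
REQUESTED = {
    "runAsNonRoot": True,
    "runAsUser": 9999,
    "runAsGroup": 9999,
    "privileged": False,
    "allowPrivilegeEscalation": False,
    "readOnlyRootFilesystem": True,
    "capabilities": {"drop": ["all"]},
}

# Constructed pod: the pod-level securityContext matches the issue's kubectl
# output; the container entry is an assumption (the issue does not show it).
OBSERVED_POD = {
    "spec": {
        "securityContext": {"runAsGroup": 9999, "runAsNonRoot": True, "runAsUser": 9999},
        "containers": [{"name": "jobmanager", "image": "flink:PLACEHOLDER"}],
    }
}


def _normalize(value):
    """Make dict and list values order-insensitive so they compare by content."""
    if isinstance(value, dict):
        return tuple(sorted(((k, _normalize(v)) for k, v in value.items()), key=repr))
    if isinstance(value, list):
        return tuple(sorted((_normalize(v) for v in value), key=repr))
    return value


def unmappable_at_pod_level(requested):
    """Requested keys that PodSecurityContext has no field for: a controller that
    copies the block only into pod.spec.securityContext silently drops these."""
    return {k for k in requested if k in CONTAINER_ONLY_FIELDS}


def _effective(key, pod_sc, container_sc):
    """Value a container really runs with: container-level wins over pod-level,
    and container-only fields are never inherited from the pod level."""
    if key in container_sc:
        return container_sc[key]
    if key in CONTAINER_ONLY_FIELDS:
        return None
    return pod_sc.get(key)


def check_security_context(requested, pod):
    """Map each requested key to 'applied', 'missing' or 'mismatch', judged on
    the effective value of every container in the pod."""
    spec = pod.get("spec", {})
    pod_sc = spec.get("securityContext") or {}
    containers = spec.get("containers") or []
    report = {}
    for key, want in requested.items():
        effective = [_effective(key, pod_sc, c.get("securityContext") or {}) for c in containers]
        if all(v is None for v in effective):
            report[key] = "missing"
        elif all(_normalize(v) == _normalize(want) for v in effective):
            report[key] = "applied"
        else:
            report[key] = "mismatch"
    return report


def with_container_security_context(pod, container_sc):
    """Copy of `pod` with `container_sc` set on every container, to preview what
    the report would say once the operator propagates container-level fields."""
    fixed = copy.deepcopy(pod)
    for c in fixed["spec"]["containers"]:
        c["securityContext"] = copy.deepcopy(container_sc)
    return fixed


if __name__ == "__main__":
    print("cannot live at pod level:", sorted(unmappable_at_pod_level(REQUESTED)))
    print(json.dumps(check_security_context(REQUESTED, OBSERVED_POD), indent=2))
```

Run against the constructed pod, the three `runAs*` keys come back `applied` and the four container-only keys `missing`, which matches what the issue observes. The same check is worth running against the Taskmanager pods and the Job pod, since each is created separately by the operator.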
