Pod Security standards for system components

[jnummelin]

k0s should enable pod security standards for all the system components it manages.

[github-actions]

The issue is marked as stale since no activity has been recorded in 30 days

[juanluisvaladas]

Components checklist:

• CoreDNS: The container runs as root, although it drops all capabilities except CAP_NET_BIND.
  • This requires a new image: Allow coreDNS to run as non-root image-builder#187
  • And some changes in k0s itself: Make coreDNS run as nonRoot #6228
• Kuberouter: I think this is correct as is, someone should double check.
• Calico: Add securityContext to calico-kube-controllers #6229
• Konnectivity: [Konnectivity] More restrictive security context #6231
• Kube-proxy: I believe this is correct as is, someone should double check.
• NLLB: I believe this is correct as is, someone should double check.