feat(trait): Pod security context

Added a trait to set default Pod security context or let the user customize

Closes #5287

docs/modules/ROOT/nav.adoc

@@ -87,6 +87,7 @@
 ** xref:traits:registry.adoc[Registry]
 ** xref:traits:resume.adoc[Resume]
 ** xref:traits:route.adoc[Route]
+** xref:traits:security-context.adoc[Security Context]
 ** xref:traits:service-binding.adoc[Service Binding]
 ** xref:traits:service.adoc[Service]
 ** xref:traits:telemetry.adoc[Telemetry]

docs/modules/ROOT/partials/apis/camel-k-crds.adoc

@@ -5948,6 +5948,13 @@ Deprecated: use jvm trait or read documentation.
 
 The configuration of Route trait
 
+|`security-context` +
+*xref:#_camel_apache_org_v1_trait_SecurityContextTrait[SecurityContextTrait]*
+|
+
+
+The configuration of Security Context trait
+
 |`service` +
 *xref:#_camel_apache_org_v1_trait_ServiceTrait[ServiceTrait]*
 |
@@ -6539,47 +6546,47 @@ Integration `.spec.integrationKit` parameter. If you're moving the Integration a
 
 The pull policy: Always{vbar}Never{vbar}IfNotPresent
 
-|`uid` +
+|`runAsUser` +
 int64
 |
 
 
-Security Context RunAsUser configuration: this value is automatically retrieved in Openshift clusters when not explicitly set.
+Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.
 
 |`runAsNonRoot` +
 bool
 |
 
 
-Security Context RunAsNonRoot configuration
+Security Context RunAsNonRoot configuration (default false).
 
 |`seccompProfileType` +
 *https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#seccompprofiletype-v1-core[Kubernetes core/v1.SeccompProfileType]*
 |
 
 
-Security Context SeccompProfileType configuration
+Security Context SeccompProfileType configuration (default RuntimeDefault).
 
 |`allowPrivilegeEscalation` +
 bool
 |
 
 
-Security Context AllowPrivilegeEscalation configuration
+Security Context AllowPrivilegeEscalation configuration (default false).
 
 |`capabilitiesDrop` +
 *https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#capability-v1-core[[\]Kubernetes core/v1.Capability]*
 |
 
 
-Security Context Capabilities Drop configuration
+Security Context Capabilities Drop configuration (default ALL).
 
 |`capabilitiesAdd` +
 *https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#capability-v1-core[[\]Kubernetes core/v1.Capability]*
 |
 
 
-Security Context Capabilities Add configuration
+Security Context Capabilities Add configuration (default none).
 
 
 |===
@@ -7960,6 +7967,7 @@ Only one of `max-unavailable` and `min-available` can be specified.
 * <<#_camel_apache_org_v1_trait_OpenAPITrait, OpenAPITrait>>
 * <<#_camel_apache_org_v1_trait_PlatformTrait, PlatformTrait>>
 * <<#_camel_apache_org_v1_trait_QuarkusTrait, QuarkusTrait>>
+* <<#_camel_apache_org_v1_trait_SecurityContextTrait, SecurityContextTrait>>
 
 PlatformBaseTrait is the base type for platform traits. It cannot be disabled by the user.
 
@@ -8446,6 +8454,52 @@ To configure how to deal with insecure traffic, e.g. `Allow`, `Disable` or `Redi
 Refer to the OpenShift route documentation for additional information.
 
 
+|===
+
+[#_camel_apache_org_v1_trait_SecurityContextTrait]
+=== SecurityContextTrait
+
+*Appears on:*
+
+* <<#_camel_apache_org_v1_Traits, Traits>>
+
+The Security Context trait can be used to configure the security setting of the Pod running the application.
+
+
+[cols="2,2a",options="header"]
+|===
+|Field
+|Description
+
+|`PlatformBaseTrait` +
+*xref:#_camel_apache_org_v1_trait_PlatformBaseTrait[PlatformBaseTrait]*
+|(Members of `PlatformBaseTrait` are embedded into this type.)
+
+
+
+
+|`runAsUser` +
+int64
+|
+
+
+Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.
+
+|`runAsNonRoot` +
+bool
+|
+
+
+Security Context RunAsNonRoot configuration (default false).
+
+|`seccompProfileType` +
+*https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#seccompprofiletype-v1-core[Kubernetes core/v1.SeccompProfileType]*
+|
+
+
+Security Context SeccompProfileType configuration (default RuntimeDefault).
+
+
 |===
 
 [#_camel_apache_org_v1_trait_ServiceBindingTrait]

docs/modules/traits/pages/container.adoc

@@ -85,6 +85,30 @@ Integration `.spec.integrationKit` parameter. If you're moving the Integration a
 | PullPolicy
 | The pull policy: Always\|Never\|IfNotPresent
 
+| container.run-as-user
+| int64
+| Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.
+
+| container.run-as-non-root
+| bool
+| Security Context RunAsNonRoot configuration (default false).
+
+| container.seccomp-profile-type
+| SeccompProfileType
+| Security Context SeccompProfileType configuration (default RuntimeDefault).
+
+| container.allow-privilege-escalation
+| bool
+| Security Context AllowPrivilegeEscalation configuration (default false).
+
+| container.capabilities-drop
+| []k8s.io/api/core/v1.Capability
+| Security Context Capabilities Drop configuration (default ALL).
+
+| container.capabilities-add
+| []k8s.io/api/core/v1.Capability
+| Security Context Capabilities Add configuration (default none).
+
 |===
 
 // End of autogenerated code - DO NOT EDIT! (configuration)

docs/modules/traits/pages/security-context.adoc

@@ -0,0 +1,46 @@
+= Security Context Trait
+
+// Start of autogenerated code - DO NOT EDIT! (badges)
+// End of autogenerated code - DO NOT EDIT! (badges)
+// Start of autogenerated code - DO NOT EDIT! (description)
+The Security Context trait can be used to configure the security setting of the Pod running the application.
+
+
+This trait is available in the following profiles: **Kubernetes, Knative, OpenShift**.
+
+NOTE: The security-context trait is a *platform trait* and cannot be disabled by the user.
+
+// End of autogenerated code - DO NOT EDIT! (description)
+// Start of autogenerated code - DO NOT EDIT! (configuration)
+== Configuration
+
+Trait properties can be specified when running any integration with the CLI:
+[source,console]
+----
+$ kamel run --trait security-context.[key]=[value] --trait security-context.[key2]=[value2] integration.groovy
+----
+The following configuration options are available:
+
+[cols="2m,1m,5a"]
+|===
+|Property | Type | Description
+
+| security-context.enabled
+| bool
+| Deprecated: no longer in use.
+
+| security-context.run-as-user
+| int64
+| Security Context RunAsUser configuration (default none): this value is automatically retrieved in Openshift clusters when not explicitly set.
+
+| security-context.run-as-non-root
+| bool
+| Security Context RunAsNonRoot configuration (default false).
+
+| security-context.seccomp-profile-type
+| SeccompProfileType
+| Security Context SeccompProfileType configuration (default RuntimeDefault).
+
+|===
+
+// End of autogenerated code - DO NOT EDIT! (configuration)

helm/camel-k/crds/crd-integration-platform.yaml

@@ -684,18 +684,21 @@ spec:
                     properties:
                       allowPrivilegeEscalation:
                         description: Security Context AllowPrivilegeEscalation configuration
+                          (default false).
                         type: boolean
                       auto:
                         description: To automatically enable the trait
                         type: boolean
                       capabilitiesAdd:
                         description: Security Context Capabilities Add configuration
+                          (default none).
                         items:
                           description: Capability represent POSIX capabilities type
                           type: string
                         type: array
                       capabilitiesDrop:
                         description: Security Context Capabilities Drop configuration
+                          (default ALL).
                         items:
                           description: Capability represent POSIX capabilities type
                           type: string
@@ -754,10 +757,18 @@ spec:
                         description: The minimum amount of memory required.
                         type: string
                       runAsNonRoot:
-                        description: Security Context RunAsNonRoot configuration
+                        description: Security Context RunAsNonRoot configuration (default
+                          false).
                         type: boolean
+                      runAsUser:
+                        description: 'Security Context RunAsUser configuration (default
+                          none): this value is automatically retrieved in Openshift
+                          clusters when not explicitly set.'
+                        format: int64
+                        type: integer
                       seccompProfileType:
                         description: Security Context SeccompProfileType configuration
+                          (default RuntimeDefault).
                         enum:
                         - Unconfined
                         - RuntimeDefault
@@ -770,12 +781,6 @@ spec:
                         description: To configure under which service port name the
                           container port is to be exposed (default `http`).
                         type: string
-                      uid:
-                        description: 'Security Context RunAsUser configuration: this
-                          value is automatically retrieved in Openshift clusters when
-                          not explicitly set.'
-                        format: int64
-                        type: integer
                     type: object
                   cron:
                     description: The configuration of Cron trait
@@ -1889,6 +1894,35 @@ spec:
                         - passthrough
                         type: string
                     type: object
+                  security-context:
+                    description: The configuration of Security Context trait
+                    properties:
+                      configuration:
+                        description: 'Legacy trait configuration parameters. Deprecated:
+                          for backward compatibility.'
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      enabled:
+                        description: 'Deprecated: no longer in use.'
+                        type: boolean
+                      runAsNonRoot:
+                        description: Security Context RunAsNonRoot configuration (default
+                          false).
+                        type: boolean
+                      runAsUser:
+                        description: 'Security Context RunAsUser configuration (default
+                          none): this value is automatically retrieved in Openshift
+                          clusters when not explicitly set.'
+                        format: int64
+                        type: integer
+                      seccompProfileType:
+                        description: Security Context SeccompProfileType configuration
+                          (default RuntimeDefault).
+                        enum:
+                        - Unconfined
+                        - RuntimeDefault
+                        type: string
+                    type: object
                   service:
                     description: The configuration of Service trait
                     properties:
@@ -2628,18 +2662,21 @@ spec:
                     properties:
                       allowPrivilegeEscalation:
                         description: Security Context AllowPrivilegeEscalation configuration
+                          (default false).
                         type: boolean
                       auto:
                         description: To automatically enable the trait
                         type: boolean
                       capabilitiesAdd:
                         description: Security Context Capabilities Add configuration
+                          (default none).
                         items:
                           description: Capability represent POSIX capabilities type
                           type: string
                         type: array
                       capabilitiesDrop:
                         description: Security Context Capabilities Drop configuration
+                          (default ALL).
                         items:
                           description: Capability represent POSIX capabilities type
                           type: string
@@ -2698,10 +2735,18 @@ spec:
                         description: The minimum amount of memory required.
                         type: string
                       runAsNonRoot:
-                        description: Security Context RunAsNonRoot configuration
+                        description: Security Context RunAsNonRoot configuration (default
+                          false).
                         type: boolean
+                      runAsUser:
+                        description: 'Security Context RunAsUser configuration (default
+                          none): this value is automatically retrieved in Openshift
+                          clusters when not explicitly set.'
+                        format: int64
+                        type: integer
                       seccompProfileType:
                         description: Security Context SeccompProfileType configuration
+                          (default RuntimeDefault).
                         enum:
                         - Unconfined
                         - RuntimeDefault
@@ -2714,12 +2759,6 @@ spec:
                         description: To configure under which service port name the
                           container port is to be exposed (default `http`).
                         type: string
-                      uid:
-                        description: 'Security Context RunAsUser configuration: this
-                          value is automatically retrieved in Openshift clusters when
-                          not explicitly set.'
-                        format: int64
-                        type: integer
                     type: object
                   cron:
                     description: The configuration of Cron trait
@@ -3833,6 +3872,35 @@ spec:
                         - passthrough
                         type: string
                     type: object
+                  security-context:
+                    description: The configuration of Security Context trait
+                    properties:
+                      configuration:
+                        description: 'Legacy trait configuration parameters. Deprecated:
+                          for backward compatibility.'
+                        type: object
+                        x-kubernetes-preserve-unknown-fields: true
+                      enabled:
+                        description: 'Deprecated: no longer in use.'
+                        type: boolean
+                      runAsNonRoot:
+                        description: Security Context RunAsNonRoot configuration (default
+                          false).
+                        type: boolean
+                      runAsUser:
+                        description: 'Security Context RunAsUser configuration (default
+                          none): this value is automatically retrieved in Openshift
+                          clusters when not explicitly set.'
+                        format: int64
+                        type: integer
+                      seccompProfileType:
+                        description: Security Context SeccompProfileType configuration
+                          (default RuntimeDefault).
+                        enum:
+                        - Unconfined
+                        - RuntimeDefault
+                        type: string
+                    type: object
                   service:
                     description: The configuration of Service trait
                     properties: