feat(security): enforce pod and container security contexts

Apply default pod/container security contexts across KFP v2 compiler templates (driver, executor, importer, DAG driver) and workflow spec. Harden control-plane manifests/charts with runAsNonRoot and RuntimeDefault seccomp profiles, and update test workflows/goldens.

Author: jsonmp-k8

backend/src/v2/compiler/argocompiler/argo.go

@@ -150,9 +150,10 @@ func Compile(jobArg *pipelinespec.PipelineJob, kubernetesSpecArg *pipelinespec.S
 		},
 	}
 
+	wf.Spec.SecurityContext = defaultPodSecurityContext()
 	runAsUser := GetPipelineRunAsUser()
 	if runAsUser != nil {
-		wf.Spec.SecurityContext = &k8score.PodSecurityContext{RunAsUser: runAsUser}
+		wf.Spec.SecurityContext.RunAsUser = runAsUser
 	}
 
 	c := &workflowCompiler{

backend/src/v2/compiler/argocompiler/container.go

@@ -265,6 +265,7 @@ func (c *workflowCompiler) addContainerDriverTemplate() string {
 			Env:       append(proxy.GetConfig().GetEnvVars(), commonEnvs...),
 		},
 	}
+	applySecurityContextToTemplate(t)
 	// If TLS is enabled (apiserver or metadata), add the custom CA bundle to the container driver template.
 	if setCABundle {
 		ConfigureCustomCABundle(t)
@@ -555,6 +556,7 @@ func (c *workflowCompiler) addContainerExecutorTemplate(task *pipelinespec.Pipel
 	if common.GetCaBundleSecretName() != "" || common.GetCaBundleConfigMapName() != "" {
 		ConfigureCustomCABundle(executor)
 	}
+	applySecurityContextToTemplate(executor)
 
 	// If retry policy is set, add retryStrategy to executor
 	if taskRetrySpec != nil {

backend/src/v2/compiler/argocompiler/dag.go

@@ -630,6 +630,7 @@ func (c *workflowCompiler) addDAGDriverTemplate() string {
 			Env:       proxy.GetConfig().GetEnvVars(),
 		},
 	}
+	applySecurityContextToTemplate(t)
 	// If TLS is enabled (apiserver or metadata), add the custom CA bundle to the DAG driver template.
 	if setCABundle {
 		ConfigureCustomCABundle(t)

backend/src/v2/compiler/argocompiler/importer.go

@@ -152,6 +152,7 @@ func (c *workflowCompiler) addImporterTemplate(downloadToWorkspace bool) string
 	if setCABundle {
 		ConfigureCustomCABundle(importerTemplate)
 	}
+	applySecurityContextToTemplate(importerTemplate)
 	c.templates[name] = importerTemplate
 	c.wf.Spec.Templates = append(c.wf.Spec.Templates, *importerTemplate)
 	return name

backend/src/v2/compiler/argocompiler/security_context.go

@@ -0,0 +1,97 @@
+// Copyright 2026 The Kubeflow Authors
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//      https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package argocompiler
+
+import (
+	wfapi "github.com/argoproj/argo-workflows/v3/pkg/apis/workflow/v1alpha1"
+	k8score "k8s.io/api/core/v1"
+)
+
+func defaultPodSecurityContext() *k8score.PodSecurityContext {
+	runAsNonRoot := true
+	return &k8score.PodSecurityContext{
+		RunAsNonRoot: &runAsNonRoot,
+		SeccompProfile: &k8score.SeccompProfile{
+			Type: k8score.SeccompProfileTypeRuntimeDefault,
+		},
+	}
+}
+
+func defaultContainerSecurityContext() *k8score.SecurityContext {
+	allowPrivilegeEscalation := false
+	runAsNonRoot := true
+	return &k8score.SecurityContext{
+		AllowPrivilegeEscalation: &allowPrivilegeEscalation,
+		RunAsNonRoot:             &runAsNonRoot,
+		Capabilities: &k8score.Capabilities{
+			Drop: []k8score.Capability{"ALL"},
+		},
+		SeccompProfile: &k8score.SeccompProfile{
+			Type: k8score.SeccompProfileTypeRuntimeDefault,
+		},
+	}
+}
+
+func applySecurityContextToTemplate(t *wfapi.Template) {
+	if t == nil {
+		return
+	}
+	applyPodSecurityContext(&t.SecurityContext)
+	applySecurityContextToContainer(t.Container)
+	applySecurityContextToUserContainers(t.InitContainers)
+	applySecurityContextToUserContainers(t.Sidecars)
+}
+
+func applyPodSecurityContext(sc **k8score.PodSecurityContext) {
+	if *sc == nil {
+		*sc = defaultPodSecurityContext()
+		return
+	}
+	runAsNonRoot := true
+	(*sc).RunAsNonRoot = &runAsNonRoot
+	if (*sc).SeccompProfile == nil {
+		(*sc).SeccompProfile = &k8score.SeccompProfile{
+			Type: k8score.SeccompProfileTypeRuntimeDefault,
+		}
+	}
+}
+
+func applySecurityContextToContainer(c *k8score.Container) {
+	if c == nil {
+		return
+	}
+	if c.SecurityContext == nil {
+		c.SecurityContext = defaultContainerSecurityContext()
+		return
+	}
+	allowPrivilegeEscalation := false
+	runAsNonRoot := true
+	c.SecurityContext.AllowPrivilegeEscalation = &allowPrivilegeEscalation
+	c.SecurityContext.RunAsNonRoot = &runAsNonRoot
+	c.SecurityContext.Capabilities = &k8score.Capabilities{
+		Drop: []k8score.Capability{"ALL"},
+	}
+	if c.SecurityContext.SeccompProfile == nil {
+		c.SecurityContext.SeccompProfile = &k8score.SeccompProfile{
+			Type: k8score.SeccompProfileTypeRuntimeDefault,
+		}
+	}
+}
+
+func applySecurityContextToUserContainers(containers []wfapi.UserContainer) {
+	for i := range containers {
+		applySecurityContextToContainer(&containers[i].Container)
+	}
+}

backend/src/v2/compiler/argocompiler/spec_patch_test.go

@@ -199,6 +199,7 @@ func TestApplyWorkflowSpecPatch_ComplexPatch(t *testing.T) {
 	compiler := &workflowCompiler{
 		wf: wf,
 	}
+	wf.Spec.SecurityContext = defaultPodSecurityContext()
 
 	complexPatch := `{
 		"serviceAccountName": "complex-sa",
@@ -243,6 +244,10 @@ func TestApplyWorkflowSpecPatch_ComplexPatch(t *testing.T) {
 	assert.Equal(t, int64(1000), *wf.Spec.SecurityContext.RunAsUser)
 	assert.Equal(t, int64(1000), *wf.Spec.SecurityContext.RunAsGroup)
 	assert.Equal(t, int64(1000), *wf.Spec.SecurityContext.FSGroup)
+	assert.NotNil(t, wf.Spec.SecurityContext.RunAsNonRoot)
+	assert.Equal(t, true, *wf.Spec.SecurityContext.RunAsNonRoot)
+	assert.NotNil(t, wf.Spec.SecurityContext.SeccompProfile)
+	assert.Equal(t, corev1.SeccompProfileTypeRuntimeDefault, wf.Spec.SecurityContext.SeccompProfile.Type)
 	assert.Equal(t, false, *wf.Spec.HostNetwork)
 	assert.Equal(t, corev1.DNSClusterFirst, *wf.Spec.DNSPolicy)
 }

backend/test/compiler/matchers/workflow_matcher.go

@@ -85,7 +85,7 @@ func CompareWorkflows(actual *v1alpha1.Workflow, expected *v1alpha1.Workflow) {
 	gomega.Expect(actual.Spec.Priority).To(gomega.Equal(expected.Spec.Priority), "Priority is not same")
 	gomega.Expect(actual.Spec.RetryStrategy).To(gomega.Equal(expected.Spec.RetryStrategy), "RetryStrategy is not same")
 	gomega.Expect(actual.Spec.SchedulerName).To(gomega.Equal(expected.Spec.SchedulerName), "SchedulerName is not same")
-	gomega.Expect(actual.Spec.SecurityContext).To(gomega.Equal(expected.Spec.SecurityContext), "SecurityContext is not same")
+	matchPodSecurityContext(actual.Spec.SecurityContext, expected.Spec.SecurityContext, "WorkflowSpec SecurityContext is not same")
 	gomega.Expect(actual.Spec.Shutdown).To(gomega.Equal(expected.Spec.Shutdown), "Shutdown is not same")
 	gomega.Expect(actual.Spec.ServiceAccountName).To(gomega.Equal(expected.Spec.ServiceAccountName), "ServiceAccountName is not same")
 	gomega.Expect(actual.Spec.Suspend).To(gomega.Equal(expected.Spec.Suspend), "Suspend is not same")
@@ -100,7 +100,7 @@ func CompareWorkflows(actual *v1alpha1.Workflow, expected *v1alpha1.Workflow) {
 		gomega.Expect(actual.Spec.Templates[index].Synchronization).To(gomega.Equal(template.Synchronization), "Synchronization is not same")
 		gomega.Expect(actual.Spec.Templates[index].Volumes).To(gomega.Equal(template.Volumes), "Volumes is not same")
 		gomega.Expect(actual.Spec.Templates[index].Suspend).To(gomega.Equal(template.Suspend), "Suspend is not same")
-		gomega.Expect(actual.Spec.Templates[index].SecurityContext).To(gomega.Equal(template.SecurityContext), "SecurityContext is not same")
+		matchPodSecurityContext(actual.Spec.Templates[index].SecurityContext, template.SecurityContext, "Template SecurityContext is not same")
 		gomega.Expect(actual.Spec.Templates[index].SchedulerName).To(gomega.Equal(template.SchedulerName), "SchedulerName is not same")
 		gomega.Expect(actual.Spec.Templates[index].RetryStrategy).To(gomega.Equal(template.RetryStrategy), "RetryStrategy is not same")
 		gomega.Expect(actual.Spec.Templates[index].Parallelism).To(gomega.Equal(template.Parallelism), "Parallelism is not same")
@@ -163,7 +163,7 @@ func MatchContainer(actual *v1.Container, expected *v1.Container) {
 	if expected != nil {
 		gomega.Expect(actual.Name).To(gomega.Equal(expected.Name), "Container Name is not same")
 		gomega.Expect(actual.Args).To(gomega.ConsistOf(expected.Args), "Container Args is not same")
-		gomega.Expect(actual.SecurityContext).To(gomega.Equal(expected.SecurityContext), "Container SecurityContext is not same")
+		matchContainerSecurityContext(actual.SecurityContext, expected.SecurityContext, "Container SecurityContext is not same")
 		gomega.Expect(actual.Env).To(gomega.Equal(expected.Env), "Container Env is not same")
 		gomega.Expect(actual.EnvFrom).To(gomega.Equal(expected.EnvFrom), "Container EnvFrom is not same")
 		gomega.Expect(actual.Command).To(gomega.Equal(expected.Command), "Container Command is not same")
@@ -197,7 +197,7 @@ func MatchUserContainer(actual *v1alpha1.UserContainer, expected *v1alpha1.UserC
 	if expected != nil {
 		gomega.Expect(actual.Name).To(gomega.Equal(expected.Name), "User Container Name is not same")
 		gomega.Expect(actual.Args).To(gomega.ConsistOf(expected.Args), "User Container Args is not same")
-		gomega.Expect(actual.SecurityContext).To(gomega.Equal(expected.SecurityContext), "User Container SecurityContext is not same")
+		matchContainerSecurityContext(actual.SecurityContext, expected.SecurityContext, "User Container SecurityContext is not same")
 		gomega.Expect(actual.Env).To(gomega.Equal(expected.Env), "User Container Env is not same")
 		gomega.Expect(actual.EnvFrom).To(gomega.Equal(expected.EnvFrom), "User Container EnvFrom is not same")
 		gomega.Expect(actual.Command).To(gomega.Equal(expected.Command), "User Container Command is not same")
@@ -266,3 +266,62 @@ func AreStringsSameWithoutOrder(s1, s2 string) bool {
 	// Compare the sorted slices
 	return reflect.DeepEqual(r1, r2)
 }
+
+func matchPodSecurityContext(actual *v1.PodSecurityContext, expected *v1.PodSecurityContext, msg string) {
+	if expected == nil {
+		return
+	}
+	gomega.Expect(actual).NotTo(gomega.BeNil(), msg)
+	if expected.RunAsUser != nil {
+		gomega.Expect(actual.RunAsUser).To(gomega.Equal(expected.RunAsUser), msg)
+	}
+	if expected.RunAsGroup != nil {
+		gomega.Expect(actual.RunAsGroup).To(gomega.Equal(expected.RunAsGroup), msg)
+	}
+	if expected.FSGroup != nil {
+		gomega.Expect(actual.FSGroup).To(gomega.Equal(expected.FSGroup), msg)
+	}
+	if expected.RunAsNonRoot != nil {
+		gomega.Expect(actual.RunAsNonRoot).To(gomega.Equal(expected.RunAsNonRoot), msg)
+	}
+	if expected.SeccompProfile != nil {
+		gomega.Expect(actual.SeccompProfile).NotTo(gomega.BeNil(), msg)
+		gomega.Expect(actual.SeccompProfile.Type).To(gomega.Equal(expected.SeccompProfile.Type), msg)
+		gomega.Expect(actual.SeccompProfile.LocalhostProfile).To(gomega.Equal(expected.SeccompProfile.LocalhostProfile), msg)
+	}
+}
+
+func matchContainerSecurityContext(actual *v1.SecurityContext, expected *v1.SecurityContext, msg string) {
+	if expected == nil {
+		return
+	}
+	gomega.Expect(actual).NotTo(gomega.BeNil(), msg)
+	if expected.AllowPrivilegeEscalation != nil {
+		gomega.Expect(actual.AllowPrivilegeEscalation).To(gomega.Equal(expected.AllowPrivilegeEscalation), msg)
+	}
+	if expected.Privileged != nil {
+		gomega.Expect(actual.Privileged).To(gomega.Equal(expected.Privileged), msg)
+	}
+	if expected.ReadOnlyRootFilesystem != nil {
+		gomega.Expect(actual.ReadOnlyRootFilesystem).To(gomega.Equal(expected.ReadOnlyRootFilesystem), msg)
+	}
+	if expected.RunAsNonRoot != nil {
+		gomega.Expect(actual.RunAsNonRoot).To(gomega.Equal(expected.RunAsNonRoot), msg)
+	}
+	if expected.RunAsUser != nil {
+		gomega.Expect(actual.RunAsUser).To(gomega.Equal(expected.RunAsUser), msg)
+	}
+	if expected.RunAsGroup != nil {
+		gomega.Expect(actual.RunAsGroup).To(gomega.Equal(expected.RunAsGroup), msg)
+	}
+	if expected.Capabilities != nil {
+		gomega.Expect(actual.Capabilities).NotTo(gomega.BeNil(), msg)
+		gomega.Expect(actual.Capabilities.Drop).To(gomega.Equal(expected.Capabilities.Drop), msg)
+		gomega.Expect(actual.Capabilities.Add).To(gomega.Equal(expected.Capabilities.Add), msg)
+	}
+	if expected.SeccompProfile != nil {
+		gomega.Expect(actual.SeccompProfile).NotTo(gomega.BeNil(), msg)
+		gomega.Expect(actual.SeccompProfile.Type).To(gomega.Equal(expected.SeccompProfile.Type), msg)
+		gomega.Expect(actual.SeccompProfile.LocalhostProfile).To(gomega.Equal(expected.SeccompProfile.LocalhostProfile), msg)
+	}
+}

manifests/gcp_marketplace/chart/kubeflow-pipelines/templates/argo.yaml

@@ -972,8 +972,12 @@ spec:
             - ALL
           readOnlyRootFilesystem: true
           runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
       nodeSelector:
         kubernetes.io/os: linux
       priorityClassName: workflow-controller
       securityContext:
         runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault

manifests/kustomize/base/cache-deployer/cache-deployer-deployment.yaml

@@ -17,6 +17,7 @@ spec:
         app: cache-deployer
     spec:
       securityContext:
+        runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
@@ -29,6 +30,8 @@ spec:
           capabilities:
             drop:
             - ALL
+          seccompProfile:
+            type: RuntimeDefault
         image: ghcr.io/kubeflow/kfp-cache-deployer:dummy
         imagePullPolicy: Always
         env:

manifests/kustomize/base/cache/cache-deployment.yaml

@@ -15,6 +15,7 @@ spec:
         app: cache-server
     spec:
       securityContext:
+        runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
@@ -27,6 +28,8 @@ spec:
           capabilities:
             drop:
             - ALL
+          seccompProfile:
+            type: RuntimeDefault
         image: ghcr.io/kubeflow/kfp-cache-server:dummy
         env:
           - name: DEFAULT_CACHE_STALENESS