pulp-web image crashes in k8s when capabilities.drop = ["ALL"]

[PyroGun]

Version
quay.io/pulp/pulp-web:stable
Deployed to Kubernetes via Helm

Describe the bug
Adding
spec.containers.securityContext.capabilities.drop: ["ALL"] breaks pulp-web pod with following logs
nginx: [emerg] chown("/var/cache/nginx/client_temp", 101) failed (1: Operation not permitted)

To Reproduce
Steps to reproduce the behavior:
Add spec.containers.securityContext.capabilities.drop: ["ALL"] to pulp-web container
Expected behavior
pulp-web works
Additional context
securityContext param is set through OPA Gatekeeper mutation

[PyroGun]

Also, as part of security hardening of k8s cluster I want to make sure that service are not running with root:root, is it necessary for pulp-web to run as root:root?

[git-hyagi]

Would you mind checking if it works with quay.io/pulp/pulp-web:3.82 image?

[git-hyagi]

maybe dup of: #736