Problem
On clusters with restricted Pod Security Standards, declarative agents with spec.skills set never reach Accepted: True. The controller sets privileged: true on the main container when skills are present, and restricted-PSS rejects it.
Why
The skills-init init container handles git clone and OCI image pull — the main container doesn't need elevated privileges for skills loading. privileged: true is only used for the in-pod BashTool srt/bubblewrap sandbox.
Tying the two together means you can't use skills on any restricted-PSS cluster, even if you don't use the BashTool or don't need the in-pod sandbox (e.g. you call tools via MCP instead).
Current workaround
Set allowPrivilegeEscalation: false on the Agent CR. The controller already has a guard (allowPrivilegeEscalationExplicitlyFalse) that suppresses privileged: true when this is set:
spec:
  declarative:
    deployment:
      securityContext:
        allowPrivilegeEscalation: false
This works but requires every skills-using Agent CR to carry the override, and it silently disables the BashTool sandbox without any indication to the user.
Requested change
Decouple skills from the sandbox: don't set privileged: true unless the sandbox is explicitly requested. The existing guard already implements the opt-out direction — the default just needs to flip so restricted-PSS clusters work out of the box without silently losing the sandbox.
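The coupling described in this issue and the requested default, modelled side by side as an added example (not the controller's own code). `AgentSpec`, `SandboxRequested` and the function names are hypothetical; only the behaviour of the `allowPrivilegeEscalationExplicitlyFalse` guard is taken from the issue text.

```go
package main

import "fmt"

// AgentSpec is a hypothetical, reduced view of the Agent CR fields discussed in the issue.
type AgentSpec struct {
	HasSkills                bool  // spec.skills is set
	SandboxRequested         bool  // assumed explicit opt-in; no such field is named in the issue
	AllowPrivilegeEscalation *bool // spec.declarative.deployment.securityContext.allowPrivilegeEscalation
}

// explicitlyFalse models the guard the issue describes: true only when the field is set and false.
func explicitlyFalse(b *bool) bool { return b != nil && !*b }

// CurrentPrivileged models the reported behaviour: skills imply privileged: true
// unless allowPrivilegeEscalation is explicitly false.
func CurrentPrivileged(a AgentSpec) bool {
	return a.HasSkills && !explicitlyFalse(a.AllowPrivilegeEscalation)
}

// ProposedPrivileged models the requested behaviour: privileged only when the sandbox
// is asked for. The guard is kept because the Kubernetes API rejects
// privileged: true combined with allowPrivilegeEscalation: false.
func ProposedPrivileged(a AgentSpec) bool {
	return a.SandboxRequested && !explicitlyFalse(a.AllowPrivilegeEscalation)
}

// AdmittedByRestricted checks only the one control relevant here: privileged containers
// are forbidden by the baseline profile, which restricted inherits. The other restricted
// controls (runAsNonRoot, capabilities, seccomp) are out of scope for this sketch.
func AdmittedByRestricted(privileged bool) bool { return !privileged }

func main() {
	f := false
	cases := []struct {
		name string
		spec AgentSpec
	}{ // constructed sample specs
		{"skills only", AgentSpec{HasSkills: true}},
		{"skills + workaround", AgentSpec{HasSkills: true, AllowPrivilegeEscalation: &f}},
		{"skills + sandbox opt-in", AgentSpec{HasSkills: true, SandboxRequested: true}},
	}
	for _, c := range cases {
		cur, prop := CurrentPrivileged(c.spec), ProposedPrivileged(c.spec)
		fmt.Printf("%-24s current: privileged=%-5v admitted=%-5v | proposed: privileged=%-5v admitted=%v\n",
			c.name, cur, AdmittedByRestricted(cur), prop, AdmittedByRestricted(prop))
	}
}
```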