Privileged flag for EKS Fargate launch profile

[OwenDelahoy]

Concourse workers can not launch from eks in fargate due to privileged: true

concourse-chart/templates/worker-statefulset.yaml

Line 64 in 8fe5b30

privileged: true

The following error is returned from fargate when trying to launch the pod:
Warning FailedScheduling <unknown> fargate-scheduler Pod not supported on Fargate: invalid SecurityContext fields: Privileged

Does this always need to run with privileged: true?
Or just by privileged tasks?
https://concourse-ci.org/jobs.html#schema.step.task-step.privileged

There is a another discussion regarding this flag here:
#60 (comment)

[taylorsilva]

The workers always need privileged: true because both the guardian and containerd runtime need to be root in order to create containers, even non-privileged ones. Currently there is no way around this.

In the future we're planning to create a k8s runtime which would not require privileged workers in your k8s clusters. concourse/rfcs#81

Another possibility is running containerd in rootless mode. We haven't experimented with this though.