GoogleCloudPlatform/gke-autoneg-controller

Additional pod and container hardening

Closed this issue · 1 comment

jawnsy commented

We're using the following settings for our deployment --

Container security context:

          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop:
                - ALL
            privileged: false
            readOnlyRootFilesystem: true
            runAsUser: 65532
            runAsGroup: 65532
            runAsNonRoot: true
            seccompProfile:
              type: RuntimeDefault

Pod security context:

      securityContext:
        runAsUser: 65532
        runAsGroup: 65532
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault

Using these as the default would be useful, as it makes this controller installable into a wider number of clusters (e.g. clusters with restrictive admission controllers).
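The settings above are the kind of thing a restrictive admission controller checks before it lets a pod schedule. The following Python is an added example, not code from gke-autoneg-controller or from the issue author: it evaluates a pod spec against the same fields (container-level `allowPrivilegeEscalation`, `privileged`, `capabilities.drop`, `readOnlyRootFilesystem`, and the pod- or container-level `runAsUser`, `runAsNonRoot`, `seccompProfile`), applying the Kubernetes rule that a container's `securityContext` overrides the pod's for the fields both levels support. The function names and the two sample specs are constructed for the example; the hardened spec reproduces the values from the comment, the other has no security context at all, which is what a controller ships with when these defaults are absent.

```python
"""Check a pod spec for the hardening fields proposed in the issue.

Added example, not part of gke-autoneg-controller. Function names and the
sample specs below are constructed for illustration.
"""

# Container-level fields with their required values.
# `privileged` is checked separately: an absent field means "not privileged".
CONTAINER_RULES = {
    "allowPrivilegeEscalation": False,
    "readOnlyRootFilesystem": True,
}

# Fields that may be set at pod level and inherited by containers.
INHERITED_FIELDS = ("runAsUser", "runAsGroup", "runAsNonRoot", "seccompProfile")


def effective_value(container_sc, pod_sc, key):
    """Container-level setting wins; otherwise fall back to the pod level."""
    if key in container_sc:
        return container_sc[key]
    return pod_sc.get(key)


def container_findings(container, pod_sc):
    """Return a list of findings (empty means the container passes)."""
    name = container.get("name", "<unnamed>")
    sc = container.get("securityContext") or {}
    findings = []

    for key, wanted in CONTAINER_RULES.items():
        if sc.get(key) is not wanted:
            findings.append(f"{name}: {key} must be {str(wanted).lower()}")

    if sc.get("privileged") is True:
        findings.append(f"{name}: privileged must not be true")

    drops = (sc.get("capabilities") or {}).get("drop") or []
    if "ALL" not in drops:
        findings.append(f"{name}: capabilities.drop must include ALL")

    if effective_value(sc, pod_sc, "runAsNonRoot") is not True:
        findings.append(f"{name}: runAsNonRoot must be true")

    uid = effective_value(sc, pod_sc, "runAsUser")
    if uid is None or uid == 0:
        findings.append(f"{name}: runAsUser must be an explicit non-zero UID")

    seccomp = effective_value(sc, pod_sc, "seccompProfile") or {}
    if seccomp.get("type") not in ("RuntimeDefault", "Localhost"):
        findings.append(f"{name}: seccompProfile.type must be RuntimeDefault")

    return findings


def pod_findings(pod_spec):
    """Check every init container and regular container in a pod spec."""
    pod_sc = pod_spec.get("securityContext") or {}
    containers = pod_spec.get("initContainers", []) + pod_spec.get("containers", [])
    findings = []
    for container in containers:
        findings.extend(container_findings(container, pod_sc))
    return findings


# Constructed sample: the values from the issue, as a pod spec.
HARDENED_SPEC = {
    "securityContext": {
        "runAsUser": 65532,
        "runAsGroup": 65532,
        "runAsNonRoot": True,
        "seccompProfile": {"type": "RuntimeDefault"},
    },
    "containers": [{
        "name": "controller",
        "image": "example.invalid/autoneg-controller:placeholder",  # placeholder
        "securityContext": {
            "allowPrivilegeEscalation": False,
            "capabilities": {"drop": ["ALL"]},
            "privileged": False,
            "readOnlyRootFilesystem": True,
            "runAsUser": 65532,
            "runAsGroup": 65532,
            "runAsNonRoot": True,
            "seccompProfile": {"type": "RuntimeDefault"},
        },
    }],
}

# Constructed sample: no security context at all.
DEFAULT_SPEC = {
    "containers": [{
        "name": "controller",
        "image": "example.invalid/autoneg-controller:placeholder",  # placeholder
    }],
}


if __name__ == "__main__":
    for label, spec in (("hardened", HARDENED_SPEC), ("default", DEFAULT_SPEC)):
        problems = pod_findings(spec)
        print(f"{label}: {'ok' if not problems else ''}")
        for line in problems:
            print("  -", line)
```

Running it reports the hardened spec as clean and lists six findings for the spec without a security context; note that `privileged` is not among them, because an unset field already means the container is unprivileged.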

rosmo commented

Happy to take a patch on this.