Improve TAS container security
This commit will:
- drop all privileges
- set allowPrivilegeEscalation to false
- set a non-root user for runAsGroup
- enable default seccompProfile

Signed-off-by: Madalina Lazar <madalina.lazar@intel.com>
madalazar authored and uniemimu committed Dec 23, 2022
1 parent 5593d5b commit 692d5ff
Showing 1 changed file with 5 additions and 2 deletions.
7 changes: 5 additions & 2 deletions telemetry-aware-scheduling/deploy/tas-deployment.yaml
Expand Up @@ -29,11 +29,14 @@ spec:
imagePullPolicy: IfNotPresent
securityContext:
capabilities:
drop:
- all
drop: [ 'ALL' ]
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 10001
allowPrivilegeEscalation: false
runAsGroup: 10001
seccompProfile:
type: RuntimeDefault
volumeMounts:
- name: certs
mountPath: /tas/cert
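
Review bot: The new runAsGroup: 10001 and seccompProfile (type: RuntimeDefault) are set in the container-level securityContext, next to imagePullPolicy and volumeMounts, so they apply only to this one container; an init container or sidecar added to this deployment later would not inherit them. Consider moving runAsNonRoot, runAsUser, runAsGroup and seccompProfile to the pod-level securityContext and keeping capabilities, readOnlyRootFilesystem and allowPrivilegeEscalation here, since those three are container-only fields. Separately, the commit message does not say why the two-line drop list with "- all" became drop: [ 'ALL' ]; if the uppercase spelling is what matters (policy checks such as the Pod Security Standards restricted profile match on "ALL"), a short comment in the manifest or a line in the commit message would keep someone from reverting it as a style change.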