Skip to content

Commit

Permalink
security context - drop all capabilities
Browse files Browse the repository at this point in the history
  • Loading branch information
jmazzitelli committed Aug 24, 2022
1 parent 473f150 commit 66ac9cb
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -241,6 +241,9 @@ spec:
allowPrivilegeEscalation: false
privileged: false
runAsNonRoot: true
capabilities:
drop:
- ALL
volumeMounts:
- mountPath: /tmp/ansible-operator/runner
name: runner
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,9 @@ spec:
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
capabilities:
drop:
- ALL
ports:
- name: api-port
containerPort: {{ kiali_vars.server.port }}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -60,6 +60,9 @@ spec:
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
capabilities:
drop:
- ALL
ports:
- name: api-port
containerPort: {{ kiali_vars.server.port }}
Expand Down

0 comments on commit 66ac9cb

Please sign in to comment.