In k8s 1.23 kubectl debug was introduced.
As a part of this we have already added basic rules to make sure that the debug container can't run in privileged mode.
But to make sure that we know exactly which software is running in the debug containers, we should also limit the image that can be used for a debug pod.
DoD:
Create the image in a good fitting repo with automatic updates etc. and publish it.
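
A sketch of the check this issue asks for, as an added example that is not this project's policy code: it reviews a Pod's `spec.ephemeralContainers` (where `kubectl debug` places the debug container) against an approved image repository and also rejects privileged mode. The repository name `registry.example.com/platform/debug-tools`, the function names and the sample Pod are assumptions made for illustration.

```python
"""Admission-style review of kubectl debug ephemeral containers (added example)."""

# Hypothetical approved debug image repository; replace with the published one.
ALLOWED_DEBUG_REPOS = {"registry.example.com/platform/debug-tools"}


def image_repository(image: str) -> str:
    """Strip digest and tag so 'repo:tag@sha256:...' compares as 'repo'."""
    name = image.split("@", 1)[0]
    last_slash = name.rfind("/")
    last_colon = name.rfind(":")
    # A colon before the last slash is a registry port, not a tag separator.
    if last_colon > last_slash:
        name = name[:last_colon]
    return name


def review_debug_containers(pod: dict, allowed=ALLOWED_DEBUG_REPOS) -> list[str]:
    """Return violation messages for spec.ephemeralContainers; empty means allow."""
    violations = []
    spec = pod.get("spec") or {}
    for c in spec.get("ephemeralContainers") or []:
        name = c.get("name", "<unnamed>")
        image = c.get("image", "")
        # Exact repository match: a prefix match would accept look-alike names.
        if image_repository(image) not in allowed:
            violations.append(f"{name}: image {image!r} is not an approved debug image")
        sc = c.get("securityContext") or {}
        if sc.get("privileged") is True:
            violations.append(f"{name}: privileged debug containers are not allowed")
    return violations


# Constructed sample Pod, shaped like the object after `kubectl debug` added containers.
SAMPLE_POD = {
    "metadata": {"name": "web"},
    "spec": {
        "containers": [{"name": "app", "image": "registry.example.com/shop/web:2.1"}],
        "ephemeralContainers": [
            {"name": "dbg-ok", "image": "registry.example.com/platform/debug-tools:1.4.2"},
            {"name": "dbg-adhoc", "image": "busybox:1.36"},
            {"name": "dbg-priv", "image": "registry.example.com/platform/debug-tools:1.4.2",
             "securityContext": {"privileged": True}},
        ],
    },
}

if __name__ == "__main__":
    for line in review_debug_containers(SAMPLE_POD):
        print("DENY", line)
```
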