djkormo / adcs-issuer

BSD 3-Clause "New" or "Revised" License

Hardening deployment of adcs-issuer #60

Open djkormo opened 7 months ago

djkormo commented 7 months ago

TODO Hardening deployment of adcs-issuer

Starting point

Grade: C Score: 75%

polaris audit --color --format pretty --only-show-failed-tests
Deployment adcs-issuer-controller-manager in namespace adcs-issuer
    missingPodDisruptionBudget           😬 Warning
        Reliability - Should have a PodDisruptionBudget
    deploymentMissingReplicas            😬 Warning
        Reliability - Only one replica is scheduled
    metadataAndInstanceMismatched        😬 Warning
        Reliability - Label app.kubernetes.io/instance must match metadata.name
    automountServiceAccountToken         😬 Warning
        Security - The ServiceAccount will be automounted
    missingNetworkPolicy                 😬 Warning
        Security - A NetworkPolicy should match pod labels and contain applied egress and ingress rules
    priorityClassNotSet                  😬 Warning
        Reliability - Priority class should be set
    topologySpreadConstraint             😬 Warning
        Reliability - Pod should be configured with a valid topology spread constraint
  Container manager
    insecureCapabilities                 😬 Warning
        Security - Container should not have insecure capabilities
    notReadOnlyRootFilesystem            😬 Warning
        Security - Filesystem should be read only
    privilegeEscalationAllowed           ❌ Danger
        Security - Privilege escalation should not be allowed
    linuxHardening                       😬 Warning
        Security - Use one of AppArmor, Seccomp, SELinux, or dropping Linux Capabilities to restrict containers using unwanted privileges
    readinessProbeMissing                😬 Warning
        Reliability - Readiness probe should be configured
    livenessProbeMissing                 😬 Warning
        Reliability - Liveness probe should be configured
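One way to address the Security findings in the audit above is a Deployment spec like the following. This is an added example, not a manifest from the adcs-issuer project; the image, probe endpoints, priority class name and label values are assumptions.

```yaml
# Added example (not from the adcs-issuer repository): a Deployment that clears the
# polaris findings listed above. Image, probe endpoints, priority class and labels
# are assumptions; the name, namespace and container name come from the audit output.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: adcs-issuer-controller-manager
  namespace: adcs-issuer
  labels:
    app.kubernetes.io/instance: adcs-issuer-controller-manager  # metadataAndInstanceMismatched
spec:
  replicas: 2                                      # deploymentMissingReplicas
  selector:
    matchLabels:
      app.kubernetes.io/instance: adcs-issuer-controller-manager
  template:
    metadata:
      labels:
        app.kubernetes.io/instance: adcs-issuer-controller-manager
    spec:
      automountServiceAccountToken: false          # automountServiceAccountToken
      priorityClassName: system-cluster-critical   # priorityClassNotSet (assumed class)
      topologySpreadConstraints:                   # topologySpreadConstraint
        - maxSkew: 1
          topologyKey: kubernetes.io/hostname
          whenUnsatisfiable: ScheduleAnyway
          labelSelector:
            matchLabels:
              app.kubernetes.io/instance: adcs-issuer-controller-manager
      securityContext:
        runAsNonRoot: true
        seccompProfile:
          type: RuntimeDefault                     # linuxHardening
      containers:
        - name: manager
          image: REPLACE_WITH_ADCS_ISSUER_IMAGE    # placeholder, not the project's image
          securityContext:
            allowPrivilegeEscalation: false        # privilegeEscalationAllowed (Danger)
            readOnlyRootFilesystem: true           # notReadOnlyRootFilesystem
            capabilities:
              drop: ["ALL"]                        # insecureCapabilities
          livenessProbe:                           # livenessProbeMissing
            httpGet: {path: /healthz, port: 8081}  # assumed health endpoint
          readinessProbe:                          # readinessProbeMissing
            httpGet: {path: /readyz, port: 8081}   # assumed readiness endpoint
```

Because the controller needs Kubernetes API access, disabling the automounted token only works if a projected serviceAccountToken volume (with the cluster CA and namespace) is mounted explicitly at the in-cluster config path; likewise a read-only root filesystem may need an emptyDir for any temporary files the manager writes. The PodDisruptionBudget and NetworkPolicy findings are separate objects selecting the same pod labels and are not shown here.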

djkormo commented 7 months ago

A new version of the helm chart should be prepared.