Closed gabegorelick closed 2 years ago
I've been running KES with allowPrivilegeEscalation: false, readOnlyRootFilesystem: true, runAsUser: 1000, and capabilities: {drop: [all]} without any issues.
This issue is stale because it has been open 90 days with no activity. Remove stale label or comment or this will be closed in 30 days.
This issue was closed because it has been stalled for 30 days with no activity.
#780 introduced the ability to set a container securityContext, while pod-level securityContext has been supported since #200. However, only runAsNonRoot is enabled by default.
Other settings that should potentially be enabled by default (subject to testing):
- runAsUser: 1000
- readOnlyRootFilesystem: true
- allowPrivilegeEscalation, if no suid binaries are used
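An added example, not part of the issue and not the project's code: a small audit that merges pod-level and container-level securityContext the way Kubernetes does (container values override pod values) and reports which of the settings named in this thread are missing. The function names and the two sample pod specs are constructed for illustration.

```python
# Fields among those checked here that Kubernetes accepts at pod level.
# readOnlyRootFilesystem, allowPrivilegeEscalation and capabilities are
# container-level only, so a pod-level securityContext cannot supply them.
POD_LEVEL_FIELDS = ("runAsNonRoot", "runAsUser")

def effective_context(pod_spec, container):
    """Return the securityContext a container actually runs with."""
    pod_sc = pod_spec.get("securityContext") or {}
    merged = {k: pod_sc[k] for k in POD_LEVEL_FIELDS if k in pod_sc}
    merged.update(container.get("securityContext") or {})  # container wins
    return merged

def audit_container(pod_spec, container):
    sc = effective_context(pod_spec, container)
    findings = []
    if sc.get("runAsNonRoot") is not True:
        findings.append("runAsNonRoot is not true")
    uid = sc.get("runAsUser")
    if uid is None:
        findings.append("runAsUser not set (the image's USER decides)")
    elif uid == 0:
        findings.append("runAsUser is 0 (root)")
    if sc.get("readOnlyRootFilesystem") is not True:
        findings.append("readOnlyRootFilesystem is not true")
    # Unset is not the same as false: the field must be false explicitly.
    if sc.get("allowPrivilegeEscalation") is not False:
        findings.append("allowPrivilegeEscalation is not false")
    drops = {c.upper() for c in (sc.get("capabilities") or {}).get("drop", [])}
    if "ALL" not in drops:  # compared case-insensitively; the thread writes "all"
        findings.append("capabilities.drop does not include ALL")
    return findings

def audit_pod(pod_spec):
    containers = pod_spec.get("initContainers", []) + pod_spec.get("containers", [])
    return {c["name"]: audit_container(pod_spec, c) for c in containers}

# Constructed sample: only the default described in the issue is set.
DEFAULT_ONLY = {"securityContext": {"runAsNonRoot": True},
                "containers": [{"name": "kes"}]}
# Constructed sample: the settings from the comment, split across both levels.
HARDENED = {"securityContext": {"runAsNonRoot": True, "runAsUser": 1000},
            "containers": [{"name": "kes", "securityContext": {
                "readOnlyRootFilesystem": True,
                "allowPrivilegeEscalation": False,
                "capabilities": {"drop": ["all"]}}}]}

if __name__ == "__main__":
    for label, spec in (("default-only", DEFAULT_ONLY), ("hardened", HARDENED)):
        print(label, audit_pod(spec))
```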