Closed uhthomas closed 1 year ago
The current default values do not comply with the restricted pod security policy.
See:
Something like this should be fine:
```yaml
podSecurityContext:
  runAsUser: 1000
  runAsGroup: 3000
  runAsNonRoot: true
  fsGroup: 2000
  seccompProfile:
    type: RuntimeDefault
securityContext:
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
```
I've tested this security context and it works as expected, assuming /tmp is mounted as writable.
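One way to check chart values like the ones proposed above before deploying. This is an added example, not part of the original issue or the project's code. It assumes the issue refers to the Kubernetes Pod Security Standards "restricted" profile and covers only that profile's security-context fields; the function and constant names are hypothetical.

```python
# Added example: security-context checks from the Kubernetes Pod Security
# Standards "restricted" profile (assumed to be the policy the issue means).
ALLOWED_SECCOMP = {"RuntimeDefault", "Localhost"}
ALLOWED_ADDED_CAPS = {"NET_BIND_SERVICE"}


def restricted_violations(pod_ctx, container_ctx):
    """Return a list of violations; an empty list means compliant."""
    pod_ctx, container_ctx = pod_ctx or {}, container_ctx or {}
    problems = []

    def effective(field):
        # A container-level setting overrides the pod-level one.
        return container_ctx.get(field, pod_ctx.get(field))

    if effective("runAsNonRoot") is not True:
        problems.append("runAsNonRoot must be true")
    if effective("runAsUser") == 0:
        problems.append("runAsUser must not be 0")
    if (effective("seccompProfile") or {}).get("type") not in ALLOWED_SECCOMP:
        problems.append("seccompProfile.type must be RuntimeDefault or Localhost")
    # The remaining fields exist only at container level.
    if container_ctx.get("allowPrivilegeEscalation") is not False:
        problems.append("allowPrivilegeEscalation must be false")
    caps = container_ctx.get("capabilities") or {}
    if "ALL" not in (caps.get("drop") or []):
        problems.append("capabilities.drop must include ALL")
    extra = set(caps.get("add") or []) - ALLOWED_ADDED_CAPS
    if extra:
        problems.append("capabilities.add not allowed: " + ", ".join(sorted(extra)))
    if container_ctx.get("privileged"):
        problems.append("privileged must not be true")
    return problems


# Values proposed in the issue. readOnlyRootFilesystem, runAsGroup and fsGroup
# are extra hardening that the restricted profile does not require.
PROPOSED_POD = {"runAsUser": 1000, "runAsGroup": 3000, "runAsNonRoot": True,
                "fsGroup": 2000, "seccompProfile": {"type": "RuntimeDefault"}}
PROPOSED_CONTAINER = {"capabilities": {"drop": ["ALL"]},
                      "readOnlyRootFilesystem": True,
                      "allowPrivilegeEscalation": False}

if __name__ == "__main__":
    print("proposed:", restricted_violations(PROPOSED_POD, PROPOSED_CONTAINER))
    # Constructed input: empty contexts stand in for a chart that sets nothing.
    for problem in restricted_violations({}, {}):
        print("unset:", problem)
```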