k8up-io / k8up

Kubernetes and OpenShift Backup Operator
https://k8up.io/
Apache License 2.0
617 stars 63 forks

Support container Security Context #902

Open mhutter opened 10 months ago

mhutter commented 10 months ago

Summary

As a security-conscious operator
I want to configure container security contexts
So that I can make K8up pods compliant with the "restricted" security standard
So that I can enforce a high security standard on my cluster.

Context

K8up already supports configuring the PodSecurityContext on the Pod level via a field in BackupSpec. However, there is also SecurityContext, which is a similar construct on the Container level: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container

In order to be compliant with the "restricted" Pod Security Standard, both fields must be edited.

Bonus: Make the defaults compatible with "restricted" :-)

Out of Scope

No response

Further links

Acceptance Criteria

No response

Implementation Ideas

Expose field in Backup spec
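Why the issue says both fields must be edited, as an added example that is not part of the original issue or of K8up's code: a partial check of the "restricted" securityContext controls, run over two constructed pod specs. The function names, the container name `backup` and the image reference are assumptions made for illustration.

```python
# Added example: partial check of the "restricted" Pod Security Standard.
# Only securityContext controls are covered; volume types, host namespaces
# and the remaining baseline controls are out of scope here.
ALLOWED_SECCOMP = {"RuntimeDefault", "Localhost"}

def _level_ok(pod_val, ctr_val, is_good):
    """Neither level may set a bad value; at least one must set a good one."""
    set_vals = [v for v in (pod_val, ctr_val) if v is not None]
    return bool(set_vals) and all(is_good(v) for v in set_vals)

def restricted_violations(pod_spec):
    """Return (container name, reason) pairs for a pod spec given as a dict."""
    pod_sc = pod_spec.get("securityContext") or {}
    found = []
    for ctr in pod_spec.get("initContainers", []) + pod_spec.get("containers", []):
        name, sc = ctr.get("name", "<unnamed>"), ctr.get("securityContext") or {}
        # Settable on the pod or on the container.
        if not _level_ok(pod_sc.get("runAsNonRoot"), sc.get("runAsNonRoot"),
                         lambda v: v is True):
            found.append((name, "runAsNonRoot must be true"))
        if not _level_ok((pod_sc.get("seccompProfile") or {}).get("type"),
                         (sc.get("seccompProfile") or {}).get("type"),
                         lambda v: v in ALLOWED_SECCOMP):
            found.append((name, "seccompProfile.type must be RuntimeDefault or Localhost"))
        # Container-only fields: PodSecurityContext has no equivalent.
        if sc.get("allowPrivilegeEscalation") is not False:
            found.append((name, "allowPrivilegeEscalation must be false"))
        caps = sc.get("capabilities") or {}
        if "ALL" not in (caps.get("drop") or []):
            found.append((name, "capabilities.drop must include ALL"))
        if set(caps.get("add") or []) - {"NET_BIND_SERVICE"}:
            found.append((name, "capabilities.add may only contain NET_BIND_SERVICE"))
    return found

# Constructed sample specs (container name and image are placeholders).
POD_LEVEL_ONLY = {
    "securityContext": {"runAsNonRoot": True,
                        "seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [{"name": "backup", "image": "example.invalid/backup:tag"}],
}
BOTH_LEVELS = {
    **POD_LEVEL_ONLY,
    "containers": [{"name": "backup", "image": "example.invalid/backup:tag",
                    "securityContext": {"allowPrivilegeEscalation": False,
                                        "capabilities": {"drop": ["ALL"]}}}],
}

if __name__ == "__main__":
    for label, spec in (("pod-level only", POD_LEVEL_ONLY), ("both levels", BOTH_LEVELS)):
        print(label, restricted_violations(spec))
```

The pod-level-only spec still fails on `allowPrivilegeEscalation` and `capabilities.drop`, because those two fields exist only in the container-level SecurityContext.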

megian commented 9 months ago

584 as a reference