Closed alex1989hu closed 3 years ago
lgtm :+1:
cc @squat @kakkoyun @metalmatze
🥇 LGTM. Of course, we'd prefer things more secure.
@alex1989hu Can I assume you have already tested it and it's good to go?
Sure, the container is fine. Furthermore, it is also fine with hardened options in `spec.template.spec.containers`:

```yaml
securityContext:
  allowPrivilegeEscalation: false
  privileged: false
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  capabilities:
    drop:
    - ALL
```
Move to gcr.io/distroless/static image which has non-root user.
Signed-off-by: Alex Szakaly alex.szakaly@gmail.com
Fixes #56
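
An added example, not part of this pull request or the project's code: a small audit that checks every container in a workload's pod template against the hardened options quoted in the thread. The manifest, container names and the sidecar image are constructed for illustration; the function name `audit` is hypothetical.

```python
import json

# Container-level values quoted in the thread above.
REQUIRED = {"allowPrivilegeEscalation": False, "privileged": False,
            "readOnlyRootFilesystem": True, "runAsNonRoot": True}

def audit(workload):
    """Map each container name to the hardened options it fails to meet."""
    pod = workload["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext") or {}
    report = {}
    for c in pod.get("initContainers", []) + pod.get("containers", []):
        sc = c.get("securityContext") or {}
        findings = []
        for key, want in REQUIRED.items():
            got = sc.get(key)
            if got is None and key == "runAsNonRoot":
                got = pod_sc.get(key)  # the only key here that a pod-level context can supply
            if got is None and key == "privileged":
                got = False            # Kubernetes default when unset
            if got is not want:
                findings.append(f"{key} should be {str(want).lower()}")
        drop = (sc.get("capabilities") or {}).get("drop") or []
        if "ALL" not in drop:
            findings.append("capabilities.drop should include ALL")
        report[c["name"]] = findings
    return report

# Constructed sample, shaped like `kubectl get deployment <name> -o json`.
SAMPLE = json.loads("""
{"spec": {"template": {"spec": {
  "securityContext": {"runAsNonRoot": true},
  "containers": [
    {"name": "app", "image": "gcr.io/distroless/static",
     "securityContext": {"allowPrivilegeEscalation": false, "privileged": false,
                         "readOnlyRootFilesystem": true,
                         "capabilities": {"drop": ["ALL"]}}},
    {"name": "sidecar", "image": "example.invalid/sidecar:1.0",
     "securityContext": {"readOnlyRootFilesystem": true,
                         "capabilities": {"drop": ["NET_RAW"]}}}
  ]}}}}
""")

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```

An unset `allowPrivilegeEscalation` is reported because the container-level field has no pod-level equivalent to fall back on, while `runAsNonRoot` is accepted when it is set for the whole pod.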