Hi there,
We are testing the integration of this webhook with otomi-core project.
Would you consider running it as a non-root user ?
It would strengthen the security posture and allow to define a proper security context in the values.yaml file.
E.g.:
# Pod Security Context
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
securityContext:
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
# Container Security Context to be set on the controller component container
# ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
runAsNonRoot: true
Hi there, We are testing the integration of this webhook with otomi-core project.
Would you consider running it as a non-root user ? It would strengthen the security posture and allow to define a proper security context in the
values.yaml
file. E.g.:Cheers!