Closed mgrzybek closed 2 months ago
[Triage] Thanks @mgrzybek for pointing this out. Can you please contribute by addressing this issue and limiting the permissions as required? Adding @bbarani @salyh @jochenkressin @pchmielnik @swoehrl-mw
Hi,
I can have a look. It seems that the work has been started but is still unfinished. https://github.com/opensearch-project/opensearch-k8s-operator/blob/307a9f99ee0fade799d5f05e2217763516515c38/charts/opensearch-operator/values.yaml#L74
Looks like something like this should work:
securityContext:
  allowPrivilegeEscalation: false
  seccompProfile:
    type: RuntimeDefault # Or localhost?
  capabilities:
    drop:
      - all
What is the bug?
The manifest of the operator does not implement some security features required by secured Kubernetes deployments:
kube-rbac-proxy
How can one reproduce the bug?
What is the expected behavior?
The securityContext attributes should be declared.
What is your host/environment?
Talos Linux: v1.6.1
Kubernetes: v1.29.0
Do you have any screenshots?
Do you have any additional context?
N.A.
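A way to check a rendered Deployment for the three securityContext settings proposed in the thread above, as an added example that is not code from the issue or from the operator project. The manifest, the `operator` container name and the function names are constructed for illustration, and the check assumes the upper-case spelling `ALL` that the Pod Security Standards "restricted" profile expects.

```python
# Added example: audit a Deployment for the securityContext settings
# proposed in this issue. The manifest below is constructed sample data.
SECCOMP_OK = {"RuntimeDefault", "Localhost"}

def audit_container(container, pod_sc):
    """Return the hardening gaps found in one container spec."""
    sc = container.get("securityContext") or {}
    findings = []
    # allowPrivilegeEscalation exists only at container level.
    if sc.get("allowPrivilegeEscalation") is not False:
        findings.append("allowPrivilegeEscalation is not false")
    # seccompProfile falls back to the pod-level securityContext.
    seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
    if seccomp.get("type") not in SECCOMP_OK:
        findings.append("seccompProfile.type is not RuntimeDefault/Localhost")
    # Assumption: require the upper-case spelling "ALL", which is what the
    # Pod Security Standards "restricted" profile expects.
    drops = (sc.get("capabilities") or {}).get("drop") or []
    if "ALL" not in drops:
        findings.append("capabilities.drop does not contain ALL")
    return findings

def audit_deployment(manifest):
    """Map each container name to its list of findings."""
    pod_spec = manifest["spec"]["template"]["spec"]
    pod_sc = pod_spec.get("securityContext") or {}
    report = {}
    for kind in ("initContainers", "containers"):
        for c in pod_spec.get(kind) or []:
            report[c["name"]] = audit_container(c, pod_sc)
    return report

# Constructed sample; "operator" is a hypothetical container name.
SAMPLE = {"kind": "Deployment", "spec": {"template": {"spec": {
    "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
    "containers": [
        {"name": "kube-rbac-proxy"},  # no securityContext at all
        {"name": "operator", "securityContext": {
            "allowPrivilegeEscalation": False,
            "capabilities": {"drop": ["ALL"]}}},
    ]}}}}

if __name__ == "__main__":
    for name, findings in audit_deployment(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```

The sample shows why a pod-level seccompProfile alone is not enough: the container without its own securityContext inherits the seccomp profile but still lacks the two container-only settings.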