rancher / aks-operator

Azure Kubernetes Service operator for Rancher
Apache License 2.0

[v2.9] Improve securityContext for operator Deployment #605

Closed mjura closed 1 month ago

mjura commented 1 month ago
  1. Restrict container from acquiring additional privileges (securityContext.allowPrivilegeEscalation)
  2. Mount container's root filesystem as read only (securityContext.readOnlyRootFilesystem)
  3. Ensure that container won't be started as privileged container (securityContext.privileged)

Issue: https://github.com/rancher/aks-operator/issues/591

(cherry picked from commit 7bc096f030238b2384c4ed7e5f1ae66ebf23be17)

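A check for the three settings listed in the description, as an added example that is not code from this PR or from aks-operator: it audits every container and init container of a Deployment's pod template and treats an unset field as its Kubernetes default. The sample manifest, container names and images are constructed for illustration.

```python
# Constructed sample: the shape of `kubectl get deployment <name> -o json`.
# Container names and images are placeholders, not the aks-operator chart.
SAMPLE = {
    "kind": "Deployment",
    "spec": {"template": {"spec": {
        "initContainers": [{"name": "init", "image": "example/init:1"}],
        "containers": [
            {"name": "operator", "image": "example/operator:1",
             "securityContext": {"allowPrivilegeEscalation": False,
                                 "readOnlyRootFilesystem": True,
                                 "privileged": False}},
            {"name": "sidecar", "image": "example/sidecar:1",
             "securityContext": {"privileged": True,
                                 "readOnlyRootFilesystem": True}},
        ],
    }}},
}

# field -> (hardened value, value Kubernetes applies when the field is unset)
REQUIRED = {
    "allowPrivilegeEscalation": (False, True),
    "readOnlyRootFilesystem": (True, False),
    "privileged": (False, False),
}


def audit(deployment):
    """Return sorted (container, field, problem) tuples for the pod template."""
    pod_spec = deployment["spec"]["template"]["spec"]
    findings = []
    for kind in ("initContainers", "containers"):
        for container in pod_spec.get(kind) or []:
            ctx = container.get("securityContext") or {}
            for field, (want, default) in REQUIRED.items():
                if field not in ctx:
                    # An unset field is only a finding if its default is unsafe.
                    if default is not want:
                        findings.append((container["name"], field, "unset"))
                elif ctx[field] is not want:
                    findings.append((container["name"], field, "wrong value"))
    return sorted(findings)


if __name__ == "__main__":
    for name, field, problem in audit(SAMPLE):
        print(f"{name}: securityContext.{field} is {problem}")
```

An unset `privileged` is not reported because its default is already `false`; setting it explicitly, as the description does, keeps the intent visible in the manifest.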