Drop Linux capabilities

Signed-off-by: GitHub <noreply@github.com>
2022-02-01 09:25:21 +00:00
parent 6bfb07aac2
commit 931af3241d
14 changed files with 58 additions and 2 deletions
--- a/manifests/kubeStateMetrics-deployment.yaml
+++ b/manifests/kubeStateMetrics-deployment.yaml
@@ -43,6 +43,9 @@ spec:
            memory: 190Mi
        securityContext:
          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
          readOnlyRootFilesystem: true
          runAsUser: 65534
      - args:
@@ -64,6 +67,9 @@ spec:
            memory: 20Mi
        securityContext:
          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
          readOnlyRootFilesystem: true
          runAsGroup: 65532
          runAsNonRoot: true
@@ -87,6 +93,9 @@ spec:
            memory: 20Mi
        securityContext:
          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
          readOnlyRootFilesystem: true
          runAsGroup: 65532
          runAsNonRoot: true