Skip to content
Snippets Groups Projects
Verified Commit 26ee6bb7 authored by Sheogorath's avatar Sheogorath :european_castle:
Browse files

feat(dns): Run with PSS restricted recommendations

parent d82ae122
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
Showing
with 6 additions and 0 deletions
apps/k8s01/dns/dns.yaml
+ 6
0
View file @ 26ee6bb7
...@@ -49,6 +49,10 @@ spec: ...@@ -49,6 +49,10 @@ spec:
- name: tls-secret - name: tls-secret
mountPath: "/etc/pki/dnsproxy" mountPath: "/etc/pki/dnsproxy"
readOnly: true readOnly: true
securityContext:
capabilities:
drop:
- ALL
automountServiceAccountToken: false automountServiceAccountToken: false
volumes: volumes:
- name: tls-secret - name: tls-secret
...@@ -56,6 +60,8 @@ spec: ...@@ -56,6 +60,8 @@ spec:
secretName: ingress-dns-tls secretName: ingress-dns-tls
optional: false optional: false
securityContext: securityContext:
allowPrivilegeEscalation: false
unAsNonRoot: true
seccompProfile: seccompProfile:
type: RuntimeDefault type: RuntimeDefault
sysctls: sysctls:
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment