From 26ee6bb7bc8ce1ef74d75b6b9f91123bf5b98ed6 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Fri, 15 Sep 2023 23:10:12 +0200
Subject: [PATCH] feat(dns): Run with PSS restricted recommendations

---
 apps/k8s01/dns/dns.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/apps/k8s01/dns/dns.yaml b/apps/k8s01/dns/dns.yaml
index 7e6374f7e..0d768cd25 100644
--- a/apps/k8s01/dns/dns.yaml
+++ b/apps/k8s01/dns/dns.yaml
@@ -49,6 +49,10 @@ spec:
             - name: tls-secret
               mountPath: "/etc/pki/dnsproxy"
               readOnly: true
+          securityContext:
+            capabilities:
+              drop:
+                - ALL
       automountServiceAccountToken: false
       volumes:
         - name: tls-secret
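Review bot: The container `securityContext` added here drops all capabilities but does not set `allowPrivilegeEscalation: false`, which Kubernetes defines only at container level and which the restricted Pod Security Standard checks on every container. The second hunk sets it on the pod-level `securityContext` instead, where PodSecurityContext has no such field, so it is either rejected or dropped depending on the field-validation mode. Add `allowPrivilegeEscalation: false` under this `securityContext:` next to `capabilities:` and remove it from the pod-level block. The container spec starts outside the hunk, so any other containers or initContainers in this pod would need the same settings.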
@@ -56,6 +60,8 @@ spec:
             secretName: ingress-dns-tls
             optional: false
       securityContext:
+        allowPrivilegeEscalation: false
+        unAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
         sysctls:
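Review bot: `unAsNonRoot: true` is a misspelling of `runAsNonRoot`, so the pod never declares the non-root requirement that the restricted profile expects. An unknown field is rejected under strict field validation and otherwise dropped with at most a warning, which makes the manifest look hardened when it is not. Change the line to `runAsNonRoot: true`, and consider a server-side dry run with `--validate=strict` in CI so misspelled fields fail loudly. Once the field is spelled correctly, the kubelet will refuse to start a container whose image runs as root or declares a non-numeric user, so a `runAsUser` may also be needed; the image is not visible here. The `securityContext` block continues past the end of the hunk.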
-- 
GitLab