From 2f4eacb9edc57ef4daa4e0ad6d198b78914d39a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Simen=20R=C3=B8stvik?= Date: Tue, 15 Nov 2022 10:33:14 +0100 Subject: [PATCH] More sec stuff --- apps/templates/traefik.yaml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/apps/templates/traefik.yaml b/apps/templates/traefik.yaml index 8ceb84a..1530a61 100644 --- a/apps/templates/traefik.yaml +++ b/apps/templates/traefik.yaml @@ -34,7 +34,13 @@ spec: hasDns: "true" securityContext: + capabilities: + drop: [ALL] + add: [NET_BIND_SERVICE] + readOnlyRootFilesystem: true + runAsGroup: 0 runAsNonRoot: false + runAsUser: 0 affinity: podAntiAffinity: