More sec stuff

This commit is contained in:
Simen Røstvik 2022-11-15 10:33:14 +01:00
parent 07c7253447
commit 2f4eacb9ed

View File

@ -34,7 +34,13 @@ spec:
hasDns: "true" hasDns: "true"
securityContext: securityContext:
capabilities:
drop: [ALL]
add: [NET_BIND_SERVICE]
readOnlyRootFilesystem: true
runAsGroup: 0
runAsNonRoot: false runAsNonRoot: false
runAsUser: 0
affinity: affinity:
podAntiAffinity: podAntiAffinity: