outposts: run containers as non root (#5212)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens L 2023-04-09 21:39:07 +02:00 committed by GitHub
parent 549e4dcb94
commit 8b78570597
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 7 additions and 1 deletions


@ -108,7 +108,6 @@ class DeploymentReconciler(KubernetesObjectReconciler[V1Deployment]):
V1ObjectReference(name=secret) for secret in image_pull_secrets
],
security_context=V1PodSecurityContext(
run_as_non_root=True,
seccomp_profile=V1SeccompProfile(
type="RuntimeDefault",
),
@ -157,6 +156,7 @@ class DeploymentReconciler(KubernetesObjectReconciler[V1Deployment]):
),
],
security_context=V1SecurityContext(
run_as_non_root=True,
allow_privilege_escalation=False,
capabilities=V1Capabilities(
drop=["ALL"],
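Review bot: `run_as_non_root=True` on the container `V1SecurityContext` comes without a `run_as_user`, so the kubelet can enforce it only when the image declares a numeric non-root USER; an image with a named user, or none, is refused at container start. The three outpost Dockerfiles in this commit satisfy that with `USER 1000`, but if this reconciler can deploy an operator-supplied image, the dependency should be explicit, either with `run_as_user=1000,` beside the flag or with a comment such as `# requires the image to set a numeric non-root USER`. The page has lost its +/- markers; the hunk headers suggest the same flag was dropped from `V1PodSecurityContext`, in which case any other container in the pod spec no longer inherits it, so it is worth confirming there is none. Both constructor calls continue outside the hunks.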


@ -23,4 +23,6 @@ HEALTHCHECK --interval=5s --retries=20 --start-period=3s CMD [ "wget", "--spider
EXPOSE 3389 6636 9300
USER 1000
ENTRYPOINT ["/ldap"]
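Review bot: `USER 1000` sets only the UID, so the process keeps GID 0 (the root group) unless the base image maps UID 1000 to another primary group; `USER 1000:1000` pins both. The same line appears in the proxy and radius Dockerfiles in this commit. The binary and any files it reads are copied outside this hunk, so it is worth confirming they are readable and executable by UID 1000 rather than only by root.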


@ -36,4 +36,6 @@ HEALTHCHECK --interval=5s --retries=20 --start-period=3s CMD [ "wget", "--spider
EXPOSE 9000 9300 9443
USER 1000
ENTRYPOINT ["/proxy"]


@ -23,4 +23,6 @@ HEALTHCHECK --interval=5s --retries=20 --start-period=3s CMD [ "wget", "--spider
EXPOSE 1812/udp 9300
USER 1000
ENTRYPOINT ["/radius"]