outposts: run containers as non root (#5212)
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
parent
549e4dcb94
commit
8b78570597
|
@ -108,7 +108,6 @@ class DeploymentReconciler(KubernetesObjectReconciler[V1Deployment]):
|
|||
V1ObjectReference(name=secret) for secret in image_pull_secrets
|
||||
],
|
||||
security_context=V1PodSecurityContext(
|
||||
run_as_non_root=True,
|
||||
seccomp_profile=V1SeccompProfile(
|
||||
type="RuntimeDefault",
|
||||
),
|
||||
|
@ -157,6 +156,7 @@ class DeploymentReconciler(KubernetesObjectReconciler[V1Deployment]):
|
|||
),
|
||||
],
|
||||
security_context=V1SecurityContext(
|
||||
run_as_non_root=True,
|
||||
allow_privilege_escalation=False,
|
||||
capabilities=V1Capabilities(
|
||||
drop=["ALL"],
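Review bot: `run_as_non_root=True` on the container's `V1SecurityContext` is set without a matching `run_as_user`, so the kubelet can only verify it when the image declares a numeric non-root user; an outpost image that lacks one would fail to start. The +/- markers are lost on this page, but the hunk counts (`-108,7 +108,6` and `-157,6 +156,7`) suggest the flag was moved from the pod-level `V1PodSecurityContext` in the first hunk to the container level in the second, so any container later added to the pod spec would no longer inherit it. Consider keeping the pod-level flag as well and setting the IDs explicitly, e.g. `run_as_user=1000, run_as_group=1000,`, to match the `USER 1000` added to the outpost Dockerfiles. The enclosing method starts and ends outside both hunks.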
|
||||
|
|
|
@ -23,4 +23,6 @@ HEALTHCHECK --interval=5s --retries=20 --start-period=3s CMD [ "wget", "--spider
|
|||
|
||||
EXPOSE 3389 6636 9300
|
||||
|
||||
USER 1000
|
||||
|
||||
ENTRYPOINT ["/ldap"]
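Review bot: `USER 1000` sets only the UID, so the process keeps the root group (GID 0) as its primary group because no group is given; `USER 1000:1000` drops that as well. The same applies to the `USER 1000` lines added before `ENTRYPOINT ["/proxy"]` and `ENTRYPOINT ["/radius"]`. The exposed ports are all above 1024, so binding as a non-root user should not need extra capabilities. It is worth confirming that the binary and any files it reads at startup are readable by UID 1000, since the earlier build stages are outside this hunk.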
|
||||
|
|
|
@ -36,4 +36,6 @@ HEALTHCHECK --interval=5s --retries=20 --start-period=3s CMD [ "wget", "--spider
|
|||
|
||||
EXPOSE 9000 9300 9443
|
||||
|
||||
USER 1000
|
||||
|
||||
ENTRYPOINT ["/proxy"]
|
||||
|
|
|
@ -23,4 +23,6 @@ HEALTHCHECK --interval=5s --retries=20 --start-period=3s CMD [ "wget", "--spider
|
|||
|
||||
EXPOSE 1812/udp 9300
|
||||
|
||||
USER 1000
|
||||
|
||||
ENTRYPOINT ["/radius"]
|
||||
|
|