When we create a pod/container, by default its process can run as root and can elevate its privileges later if it wants to.
So, it is termed a privileged container.
To restrict that, we add a securityContext to the pod definition, either in the pod or in the deployment YAML file:
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dartservice
spec:
  replicas: 1
  selector:
    matchLabels:
      service: dartservice
      app: dartservice
  template:
    metadata:
      labels:
        service: dartservice
        app: dartservice
    spec:
      serviceAccountName: dartservice
      containers:
      - name: dartservice
        image: dartserverlinux.azurecr.io/dart:4.0
        ports:
        - containerPort: 18170
        volumeMounts:
        - name: config
          mountPath: /company/dart Server
        - name: config
          mountPath: /home/spring/company/dart Server
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          runAsUser: 999
      imagePullSecrets:
      - name: acr-quest
      volumes:
      - name: config
        configMap:
          name: database-configmap
          items:
          - key: config
            path: dartConfiguration.properties
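As an added example (not part of the original post), here is a small audit that checks a Deployment's pod template for the three settings above. It takes the manifest as a dict, i.e. what yaml.safe_load() would return, and also handles the case where runAsNonRoot/runAsUser are set once at pod level and inherited by the containers, while allowPrivilegeEscalation only exists per container.

```python
# Added example: audit a Deployment's pod template for the hardening settings
# shown in the post. Input is the parsed manifest (a dict), as yaml.safe_load()
# would return it for the YAML above.

def _effective(container, pod_sc, key):
    """Container-level securityContext overrides the pod-level one."""
    c_sc = container.get("securityContext") or {}
    return c_sc[key] if key in c_sc else pod_sc.get(key)

def audit_pod_spec(pod_spec):
    """Return a list of findings; empty when every container is hardened."""
    pod_sc = pod_spec.get("securityContext") or {}
    findings = []
    for kind in ("initContainers", "containers"):
        for c in pod_spec.get(kind, []):
            name = f"{kind}/{c.get('name', '?')}"
            c_sc = c.get("securityContext") or {}
            # allowPrivilegeEscalation is container-level only and defaults
            # to true, so a missing key is a finding.
            if c_sc.get("allowPrivilegeEscalation") is not False:
                findings.append(f"{name}: allowPrivilegeEscalation is not false")
            # runAsNonRoot / runAsUser may be inherited from pod.securityContext.
            if _effective(c, pod_sc, "runAsNonRoot") is not True:
                findings.append(f"{name}: runAsNonRoot is not true")
            uid = _effective(c, pod_sc, "runAsUser")
            if uid is None or uid == 0:
                findings.append(f"{name}: runAsUser is unset or 0")
            if c_sc.get("privileged") is True:
                findings.append(f"{name}: privileged is true")
    return findings

def audit_deployment(manifest):
    return audit_pod_spec(manifest["spec"]["template"]["spec"])

# Constructed inputs: the post's Deployment reduced to the fields audited.
HARDENED = {"spec": {"template": {"spec": {"containers": [
    {"name": "dartservice", "securityContext": {
        "allowPrivilegeEscalation": False, "runAsNonRoot": True, "runAsUser": 999}}]}}}}
# Same Deployment with the securityContext removed (Kubernetes defaults).
DEFAULT = {"spec": {"template": {"spec": {"containers": [{"name": "dartservice"}]}}}}
# Pod-level user settings inherited by the container.
POD_LEVEL = {"spec": {"template": {"spec": {
    "securityContext": {"runAsNonRoot": True, "runAsUser": 999},
    "containers": [{"name": "dartservice",
                    "securityContext": {"allowPrivilegeEscalation": False}}]}}}}

if __name__ == "__main__":
    for label, m in (("hardened", HARDENED), ("default", DEFAULT), ("pod-level", POD_LEVEL)):
        print(label, audit_deployment(m) or "OK")
```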