Skip to content

Commit

Permalink
updated security context constraint for gateway, removed unnecessary …
Browse files Browse the repository at this point in the history 
…permissions
  • Loading branch information
@missylbytes
missylbytes committed Aug 7, 2023
1 parent f101782 commit f8e7525
Showing 1 changed file with 6 additions and 10 deletions.
16 changes: 6 additions & 10 deletions charts/consul/templates/api-gateway-securitycontextconstraints.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -17,21 +17,17 @@ allowHostDirVolumePlugin: false
allowHostIPC: false
allowHostNetwork: {{ .Values.client.hostNetwork }}
allowHostPID: false
allowHostPorts: true
allowHostPorts: false
allowPrivilegeEscalation: false
allowPrivilegedContainer: true
allowedCapabilities: null
defaultAddCapabilities:
allowPrivilegedContainer: false
allowedCapabilities:
- NET_BIND_SERVICE
fsGroup:
type: RunAsAny
readOnlyRootFilesystem: true
requiredDropCapabilities:
- ALL
runAsUser:
type: RunAsAny
type: MustRunAsRange
seLinuxContext:
type: RunAsAny
supplementalGroups:
type: RunAsAny
type: MustRunAs
volumes: []
{{- end }}

0 comments on commit f8e7525

Please sign in to comment.