kitchen: Run as non-root user
The *kitchen* server service does not need to run as root or have any access to writable storage.
@@ -42,11 +42,17 @@ spec:
|
|||||||
ports:
|
ports:
|
||||||
- containerPort: 8000
|
- containerPort: 8000
|
||||||
name: http
|
name: http
|
||||||
|
securityContext:
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: config
|
- name: config
|
||||||
mountPath: /kitchen.yaml
|
mountPath: /kitchen.yaml
|
||||||
subPath: config.yaml
|
subPath: config.yaml
|
||||||
readOnly: true
|
readOnly: true
|
||||||
|
securityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 17402
|
||||||
|
runAsGroup: 17402
|
||||||
volumes:
|
volumes:
|
||||||
- name: config
|
- name: config
|
||||||
secret:
|
secret:
|
||||||
|
|||||||
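Review bot: The container-level `securityContext` added next to `readOnlyRootFilesystem: true` does not set `allowPrivilegeEscalation: false` or drop Linux capabilities. A process running as UID 17402 therefore keeps the runtime's default capability set and could still gain privileges through a setuid binary in the image. I would add `allowPrivilegeEscalation: false`, `capabilities: {drop: ["ALL"]}` and `seccompProfile: {type: RuntimeDefault}` to that same block. The only port shown is 8000, which is unprivileged, so dropping all capabilities should not break the listener. Indentation is lost on this page, so I am inferring that the second `securityContext` (with `runAsNonRoot`, `runAsUser`, `runAsGroup`) is the pod-level one; if so, the three fields above still belong on the container, apart from `seccompProfile`, which may go at either level.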