Update MUO to use proper pod and container security context

Azure · Feb 2, 2024 · 7a40bfb · 7a40bfb
1 parent d371674
commit 7a40bfb
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/pkg/operator/controllers/muo/staticresources/deployment.yaml b/pkg/operator/controllers/muo/staticresources/deployment.yaml
@@ -36,6 +36,10 @@ spec:
               path: tls-ca-bundle.pem
           name: trusted-ca-bundle
         name: trusted-ca-bundle
+      securityContext:
+        runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
       containers:
         - name: managed-upgrade-operator
           # Replace this with the built image name
@@ -70,3 +74,9 @@ spec:
           - mountPath: /etc/pki/ca-trust/extracted/pem
             name: trusted-ca-bundle
             readOnly: true
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+              - ALL
+            runAsNonRoot: true