forbid privilege escalation for frontend pod

Signed-off-by: Ivan Milchev <[email protected]>
podkrepi-bg · Dec 7, 2022 · b96d06d · b96d06d
1 parent 72176f0
commit b96d06d
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/manifests/base/deployment.yaml b/manifests/base/deployment.yaml
@@ -33,6 +33,7 @@ spec:
             runAsUser: 1001
             runAsGroup: 1001
             readOnlyRootFilesystem: true
+            allowPrivilegeEscalation: false
             capabilities:
               drop:
                 - NET_RAW