Feat: Add support to define (overwrite) SecurityContext #1437

Closed as not planned
@cbugneac-nex

Describe the solution you'd like
One of the requirements from our cyber security team is to drop capabilities where possible to improve security posture (reduce attack surface) for containers running in k8s.

To be able to define something like this in the values.yaml file (example):

...
securityContext:
  capabilities:
    drop:
      - ALL
  runAsNonRoot: true
  allowPrivilegeEscalation: false
  seccompProfile:
    type: RuntimeDefault

Anything else you would like to add:
At the moment, this is not possible as it's hardcoded: https://github.com/kubernetes-sigs/secrets-store-csi-driver/blob/main/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml#L113

Environment:

  • Secrets Store CSI Driver version: (use the image tag): v1.4.1
  • Kubernetes version: (use kubectl version): EKS version 1.26.12

Labels:

  • kind/feature: Categorizes issue or PR as related to a new feature.
  • lifecycle/rotten: Denotes an issue or PR that has aged beyond stale and will be auto-closed.
