deploy: add container security context

- deny privilege escalation - set readonly root fs - add tmp emptyDir volume
2020-04-24 10:20:48 +03:00 · 2020-04-24 10:20:48 +03:00 · d0cdb6b029
parent 4b465563b4
commit d0cdb6b029
1 changed files with 7 additions and 0 deletions
--- a/config/manager/deployment.yaml
+++ b/config/manager/deployment.yaml
@ -23,6 +23,9 @@ spec:
      - name: manager
        image: fluxcd/source-controller
        imagePullPolicy: IfNotPresent
+        securityContext:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
        ports:
          - containerPort: 8080
            name: http
@ -46,6 +49,10 @@ spec:
        volumeMounts:
          - name: data
            mountPath: /data
+          - name: tmp
+            mountPath: /tmp
      volumes:
        - name: data
          emptyDir: {}
+        - name: tmp
+          emptyDir: {}