Merge pull request #709 from mjura/charts-main

Improve securityContext for operator Deployment
rancher · Jul 24, 2024 · b03a6b1 · b03a6b1
2 parents 02654c9 + 17617ad
commit b03a6b1
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/charts/eks-operator/templates/deployment.yaml b/charts/eks-operator/templates/deployment.yaml
@@ -39,6 +39,13 @@ spec:
           value: {{ .Values.httpsProxy }}
         - name: NO_PROXY
           value: {{ .Values.noProxy }}
+        securityContext:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+          privileged: false
+          capabilities:
+            drop:
+            - ALL
 {{- if .Values.additionalTrustedCAs }}
         # eks-operator mounts the additional CAs in two places:
         volumeMounts: