Configure securityContext by default for implementing Pod Security Standard #325
Currently it is possible to set the podSecurityContext but it is not possible to set the containerSecurityContext (e.g. drop all capabilities, allowPrivilegeEscalation to false).
Thanks @avthart - Indeed, that's a valid point to improve the Pod Security Standard of our platform. In the meantime, if you need that, you can always override the whole StatefulSet as mentioned in our HiveMQ documentation. Bear in mind that, when doing so, you need to align the different service configurations you may also have in your custom chart values with the ones you define in your override StatefulSet.
Thanks. Will look into this!
In compliant Kubernetes clusters, workloads should run as securely as possible.
Therefore, it would be great if HiveMQ and the operator can be compliant with the Pod Security Standard restricted profile (if possible).
See https://kubernetes.io/docs/concepts/security/pod-security-standards/