cloud-on-k8s icon indicating copy to clipboard operation
cloud-on-k8s copied to clipboard

Published 20 hours ago verified publisher icon elastic

Improve security setting to meet kyverno requirements (drop-cap-net-raw, require-emptydir-requests-and-limits)

Open brainstorm82 opened this issue 6 months ago • 0 comments

Proposal

  1. Init container do not drop "CAP_NET_RAW" on the elasticsearch master and data StatefulSet (drop-cap-net-raw)
  2. elasticsearch-logs and tmp-volume volumes do not define or allow configuration of sizeLimit (require-emptydir-requests-and-limits)

Use case. Why is this important? More kyverno policies would be fullfilled which is often required by companies to deploy the service

brainstorm82 avatar Aug 26 '24 12:08 brainstorm82