sops-secrets-operator

Is the NET_BIND_SERVICE capability needed in the security context?

Open twingate-blee opened this issue 8 months ago • 0 comments

Is the NET_BIND_SERVICE capability needed?

To pass the pod security policy

    kubectl label --dry-run=server --overwrite ns sops \
      pod-security.kubernetes.io/enforce=restricted \
      pod-security.kubernetes.io/enforce-version=latest

I would like to change the security context to

    capabilities:
      drop:
        - all

vs

    capabilities:
      drop:
        - all
      add:
        - NET_BIND_SERVICE

twingate-blee, Jun 17 '24 21:06
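
The capability rule of the Kubernetes Pod Security Standards `restricted` profile, as an added Python example that is not part of the issue or the operator's code: every container must drop `ALL` and may add back only `NET_BIND_SERVICE`. The container name and sample pod specs are constructed, and matching `ALL` exactly (case-sensitive) is an assumption about how the value is compared.

```python
# Added example: check a pod spec against the capability rule of the
# Pod Security Standards "restricted" profile.
ALLOWED_ADD = {"NET_BIND_SERVICE"}  # the only capability "restricted" lets a container add
REQUIRED_DROP = "ALL"               # value as listed in the standard; exact match is an assumption


def capability_violations(pod_spec):
    """Return one message per capability violation across all container types."""
    violations = []
    for field in ("initContainers", "containers", "ephemeralContainers"):
        for c in pod_spec.get(field) or []:
            caps = (c.get("securityContext") or {}).get("capabilities") or {}
            drop = caps.get("drop") or []
            add = caps.get("add") or []
            if REQUIRED_DROP not in drop:
                violations.append(f'{c["name"]}: capabilities.drop must include "ALL"')
            extra = sorted(set(add) - ALLOWED_ADD)
            if extra:
                violations.append(
                    f'{c["name"]}: capabilities.add not allowed: {", ".join(extra)}'
                )
    return violations


def pod(drop, add=None):
    """Build a constructed single-container pod spec (container name is hypothetical)."""
    caps = {"drop": drop}
    if add is not None:
        caps["add"] = add
    return {"containers": [{"name": "operator",
                            "securityContext": {"capabilities": caps}}]}


if __name__ == "__main__":
    samples = {  # constructed inputs
        "drop ALL only": pod(["ALL"]),
        "drop ALL, add NET_BIND_SERVICE": pod(["ALL"], ["NET_BIND_SERVICE"]),
        "drop ALL, add NET_ADMIN": pod(["ALL"], ["NET_ADMIN"]),
        "lowercase drop value": pod(["all"]),
        "no securityContext": {"containers": [{"name": "operator"}]},
    }
    for label, spec in samples.items():
        print(f"{label}: {capability_violations(spec) or 'ok'}")
```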