secrets-store-csi-driver

Feat: Add support to define (overwrite) SecurityContext

Open cbugneac-nex opened this issue 1 year ago • 3 comments

Describe the solution you'd like

One of the requirements from our Cyber security team is to drop capabilities where possible to improve security posture (reduce attack surface) for containers running in k8s.

In values.yaml file to define something like (example):

...
securityContext:
  capabilities:
    drop:
      - ALL
  runAsNonRoot: true
  allowPrivilegeEscalation: false
  seccompProfile:
    type: RuntimeDefault

Anything else you would like to add:

At the moment, this is not possible as it's hardcoded: https://github.com/kubernetes-sigs/secrets-store-csi-driver/blob/main/charts/secrets-store-csi-driver/templates/secrets-store-csi-driver.yaml#L113

Environment:

  • Secrets Store CSI Driver version: (use the image tag): v1.4.1
  • Kubernetes version: (use kubectl version): EKS version 1.26.12

cbugneac-nex, Feb 12 '24 17:02
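An added example, not part of the issue or of the project's code: one way to check a rendered workload against the four settings requested above. It assumes input shaped like `kubectl get daemonset <name> -o json`; the sample manifest, the container names and the `audit` function are constructed for illustration.

```python
import json

# Constructed sample: a trimmed DaemonSet as `kubectl get ds -o json` returns it.
# Container names and values are made up for this example.
SAMPLE = json.loads("""
{"spec": {"template": {"spec": {
  "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
  "containers": [
    {"name": "hardened", "securityContext": {
       "capabilities": {"drop": ["ALL"]},
       "runAsNonRoot": true,
       "allowPrivilegeEscalation": false}},
    {"name": "legacy", "securityContext": {"privileged": true}}
  ]}}}}
""")

def audit(workload):
    """Return {container name: [findings]} for the four requested settings."""
    pod = workload["spec"]["template"]["spec"]
    pod_sc = pod.get("securityContext") or {}
    report = {}
    for c in pod.get("initContainers", []) + pod.get("containers", []):
        sc = c.get("securityContext") or {}
        privileged = sc.get("privileged") is True
        findings = []
        # capabilities and allowPrivilegeEscalation exist only at container level
        if "ALL" not in ((sc.get("capabilities") or {}).get("drop") or []):
            findings.append("capabilities.drop lacks ALL")
        # privileged: true forces allowPrivilegeEscalation on, whatever is written
        if privileged or sc.get("allowPrivilegeEscalation") is not False:
            findings.append("allowPrivilegeEscalation not false")
        # runAsNonRoot and seccompProfile fall back to the pod-level value
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            findings.append("runAsNonRoot not true")
        seccomp = sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}
        # privileged containers always run with seccomp Unconfined
        if privileged or seccomp.get("type") != "RuntimeDefault":
            findings.append("seccompProfile not RuntimeDefault")
        report[c["name"]] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "OK" if not findings else findings)
```

The pod-level fallback matters when auditing chart output: a container with no `seccompProfile` of its own can still be compliant, while `capabilities.drop` has to be repeated on every container.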

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot, May 13 '24 07:05

/remove-lifecycle stale

Constantin07, May 13 '24 07:05

/lifecycle stale

k8s-triage-robot, Aug 11 '24 08:08