[
https://issues.apache.org/jira/browse/YUNIKORN-3132?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Shubham Mishra reassigned YUNIKORN-3132:
----------------------------------------
Assignee: Shubham Mishra
> Pod & Container Security Context for placeholder pods to be hardened
> --------------------------------------------------------------------
>
> Key: YUNIKORN-3132
> URL: https://issues.apache.org/jira/browse/YUNIKORN-3132
> Project: Apache YuniKorn
> Issue Type: Improvement
> Components: shim - kubernetes
> Reporter: Shubham Mishra
> Assignee: Shubham Mishra
> Priority: Major
>
> Currently the security context for placeholder pods only sets non root user
> and groups
>
> {code:java}
> Spec: v1.PodSpec{ SecurityContext: &v1.PodSecurityContext{ RunAsUser:
> &runAsUser, RunAsGroup: &runAsGroup, },{code}
> In many enterprise secure environments, this might not be enough and should
> be more restrictive by design (unless it breaks any functionality).
> Proposing to modify the placeholder.go to add following
> - *podSecurityContext:*
> podSecurityContext:
> fsGroup:3000
> runAsGroup:3000
> runAsNonRoot: true
> runAsUser:1000
> *- containerSecurityContext:*
> privileged: false
> allowPrivilegeEscalation: false
> readOnlyRootFilesystem: true
> capabilities:
> drop:
> -all
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
