Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Securing a Kubernetes pod with Regula and OPA (blog post) -- noncompliant and compliant Kubernetes manifests
apiVersion: v1
kind: Pod
metadata:
name: hello
annotations:
seccomp.security.alpha.kubernetes.io/pod: "runtime/default"
spec:
securityContext:
runAsUser: 1001
automountServiceAccountToken: false
containers:
- name: hello
image: busybox
command: ['sh', '-c', 'echo "Hello, Kubernetes!" && sleep 3600']
securityContext:
capabilities:
drop: ["ALL"]
apiVersion: v1
kind: Pod
metadata:
name: hello
spec:
containers:
- name: hello
image: busybox
command: ['sh', '-c', 'echo "Hello, Kubernetes!" && sleep 3600']
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment