@becki-at-luminal
Created October 11, 2021 14:35
Securing a Kubernetes pod with Regula and OPA (blog post) -- noncompliant and compliant Kubernetes manifests
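# Compliant pod manifest
apiVersion: v1
kind: Pod
metadata:
  name: hello
  annotations:
    # Apply the container runtime's default seccomp profile to the pod
    seccomp.security.alpha.kubernetes.io/pod: "runtime/default"
spec:
  securityContext:
    # Run as a non-root UID
    runAsUser: 1001
  # Do not mount the service account token into the pod
  automountServiceAccountToken: false
  containers:
  - name: hello
    image: busybox
    command: ['sh', '-c', 'echo "Hello, Kubernetes!" && sleep 3600']
    securityContext:
      capabilities:
        # Drop all Linux capabilities from the container
        drop: ["ALL"]
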
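# Noncompliant pod manifest: no seccomp annotation, securityContext,
# or automountServiceAccountToken setting
apiVersion: v1
kind: Pod
metadata:
  name: hello
spec:
  containers:
  - name: hello
    image: busybox
    command: ['sh', '-c', 'echo "Hello, Kubernetes!" && sleep 3600']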