Update Job and CronJob YAML to run as non-root

2026-01-26 05:14:13 +01:00 · 2021-02-09 23:09:59 -06:00
parent fbd17d4caf
commit dfc76906d4
2 changed files with 16 additions and 0 deletions
--- a/kubernetes/cronjob/cronjob.yaml
+++ b/kubernetes/cronjob/cronjob.yaml
@@ -31,6 +31,14 @@ spec:
              requests:
                cpu: "500m"
                memory: "256Mi"
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                  - ALL
+              privileged: false
+              readOnlyRootFilesystem: true
+              runAsNonRoot: true
          restartPolicy: "Never"
          serviceAccountName: descheduler-sa
          volumes:
--- a/kubernetes/job/job.yaml
+++ b/kubernetes/job/job.yaml
@@ -29,6 +29,14 @@ spec:
            requests:
              cpu: "500m"
              memory: "256Mi"
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            privileged: false
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
      restartPolicy: "Never"
      serviceAccountName: descheduler-sa
      volumes: