Skip to content

Enhance the pod security

The Lava service has been running with some admin privileges so far. This fix aims to enhance the security of the pod by configuring the values of securityContext and podSecurityContext to better control the actions and permissions of the container.

Additionally, specifying the filesystem as read-only, new volumes have been added to allow the service to store necessary files during execution.

Signed-off-by: Pablo Vigo

Edited by Pablo Vigo Mas

Merge request reports