Enhance the pod security (!9) · Merge requests · lava / lava-helm-charts

Pablo Vigo Mas requested to merge pvigo/lava-helm-charts:wip/pvigo/run-nonroot-user into main Feb 19, 2024

The Lava service has been running with some admin privileges so far. This fix aims to enhance the security of the pod by configuring the values of securityContext and podSecurityContext to better control the actions and permissions of the container.

Additionally, specifying the filesystem as read-only, new volumes have been added to allow the service to store necessary files during execution.

Signed-off-by: Pablo Vigo pvigo@collabora.com

Edited Feb 19, 2024 by Pablo Vigo Mas

Enhance the pod security

Merge request reports