Disable container privilege escalation.

Per Azure best practice, disable a container's ability to escalate its privileges. https://docs.microsoft.com/en-us/azure/aks/developer-best-practices-pod-security#secure-pod-access-to-resources
2020-01-28 14:10:55 -05:00
parent e1ff093651
commit b630433aa8
3 changed files with 12 additions and 0 deletions
--- a/deploy/shared/migration.yaml
+++ b/deploy/shared/migration.yaml
@@ -16,6 +16,8 @@ spec:
      containers:
      - name: migration
        image: $CONTAINER_IMAGE
+        securityContext:
+          allowPrivilegeEscalation: false
        command: [
          "/bin/sh", "-c"
        ]