Configure podSecurityContext
Configure the pod to run as nobody/nogroup user as follows:
podSecurityContext:
  runAsUser: 65534
  fsGroup: 65534
Configure SecurityContext
Configure security context to run with minimal possible privileges:
securityContext:
  capabilities:
    drop:
      - ALL
    add:
      - "NET_ADMIN"
  readOnlyRootFilesystem: false
  runAsNonRoot: true
  runAsUser: 65534 # run as the nobody/nogroup user
Run on non-standard port
Since we do not have permission to bind to ports lower than 1024 (normally granted by adding the NET_BIND_SERVICE capability, but this requires root privileges), we have to configure ASP.NET Core to listen on a port above 1024.
env:
  - name: ASPNETCORE_URLS
    value: http://+:8080
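The three settings above only work together, so it is worth checking the rendered pod as a whole. The following is an added example, not code from the original post: a small audit that reads a pod object as JSON and reports where it departs from the configuration shown here. The function name audit_pod, the container name, the image and the containerPort entry are assumptions made for the illustration.

```python
import json
import re

# Constructed sample: the post's settings as they would appear in a rendered
# pod object (container name and image are placeholders).
SAMPLE_POD = json.loads("""
{"spec": {
  "securityContext": {"runAsUser": 65534, "fsGroup": 65534},
  "containers": [{
    "name": "web",
    "image": "example/aspnet-app:placeholder",
    "securityContext": {
      "capabilities": {"drop": ["ALL"], "add": ["NET_ADMIN"]},
      "readOnlyRootFilesystem": false,
      "runAsNonRoot": true,
      "runAsUser": 65534},
    "env": [{"name": "ASPNETCORE_URLS", "value": "http://+:8080"}],
    "ports": [{"containerPort": 8080}]}]}}
""")

def audit_pod(pod):
    """Return findings where a pod departs from the settings in this post."""
    findings = []
    spec = pod["spec"]
    pod_sc = spec.get("securityContext") or {}
    for c in spec.get("containers", []):
        name = c["name"]
        sc = c.get("securityContext") or {}
        caps = sc.get("capabilities") or {}
        # Container-level values take precedence over pod-level ones.
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot"))
        if uid == 0 or (uid is None and not non_root):
            findings.append(f"{name}: may run as root")
        if "ALL" not in caps.get("drop", []):
            findings.append(f"{name}: capabilities are not dropped")
        urls = next((e.get("value", "") for e in c.get("env", [])
                     if e.get("name") == "ASPNETCORE_URLS"), "")
        listen = {int(p) for p in re.findall(r":(\d+)(?:[;/]|$)", urls)}
        # Post's premise: without NET_BIND_SERVICE, ports below 1024 fail.
        if "NET_BIND_SERVICE" not in caps.get("add", []):
            for port in sorted(p for p in listen if p < 1024):
                findings.append(f"{name}: listens on privileged port {port}")
        declared = {p["containerPort"] for p in c.get("ports", [])}
        if listen and declared - listen:
            findings.append(f"{name}: containerPort not in ASPNETCORE_URLS")
    return findings

if __name__ == "__main__":
    print(audit_pod(SAMPLE_POD) or "no findings")
```
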