pod security - privileged

2024-10-21 13:47:48 +02:00
parent 0d99e74d90
commit d6ee8a7f4e
1 changed files with 10 additions and 8 deletions
--- a/argocd/apps/minio/minio.yaml
+++ b/argocd/apps/minio/minio.yaml
@@ -45,18 +45,20 @@ spec:
        - name: apiIngress.annotations.traefik\.ingress\.kubernetes\.io\/router\.tls
          value: 'true'
          forceString: true
-        - name: containerSecurityContext.allowPrivilegeEscalation
-          value: 'false'
-        - name: containerSecurityContext.capabilities.drop
-          value: 'ALL'
-        - name: containerSecurityContext.runAsNonRoot
-          value: 'true'
-        - name: containerSecurityContext.seccompProfile.type
-          value: 'RuntimeDefault'
+#        - name: containerSecurityContext.allowPrivilegeEscalation
+#          value: 'false'
+#        - name: containerSecurityContext.capabilities.drop
+#          value: 'ALL'
+#        - name: containerSecurityContext.runAsNonRoot
+#          value: 'true'
+#        - name: containerSecurityContext.seccompProfile.type
+#          value: 'RuntimeDefault'
    chart: minio
  destination:
    server: 'https://kubernetes.default.svc'
    namespace: minio
+    labels:
+      pod-security.kubernetes.io/enforce: privileged
  syncPolicy:
    automated:
      selfHeal: true