Fix security concerns

giantswarm · Jun 27, 2023 · 5dfec4c · 5dfec4c
1 parent 898dd5d
commit 5dfec4c
Show file tree

Hide file tree

Showing 3 changed files with 16 additions and 53 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -7,6 +7,10 @@ and this project's packages adheres to [Semantic Versioning](http://semver.org/s
 
 ## [Unreleased]
 
+### Fixed
+
+- Fix security concerns.
+
 ## [1.2.0] - 2023-06-27
 
 ### Added

diff --git a/helm/sloth/templates/kyverno-policy-exception.yaml b/helm/sloth/templates/kyverno-policy-exception.yaml
diff --git a/helm/sloth/values.yaml b/helm/sloth/values.yaml
@@ -70,15 +70,15 @@ customSloConfig:
 #     effect: NoSchedule
 
 securityContext:
-  pod: null
-  #   fsGroup: 100
-  #   runAsGroup: 1000
-  #   runAsNonRoot: true
-  #   runAsUser: 100
-  container: null
-  #   allowPrivilegeEscalation: false
-
-# Enable Kyverno PolicyException
-kyvernoPolicyExceptions:
-  enabled: true
-  namespace: giantswarm
+  pod:
+    runAsNonRoot: true
+    runAsUser: 65534
+    seccompProfile:
+      type: RuntimeDefault
+  container:
+    allowPrivilegeEscalation: false
+    seccompProfile:
+      type: RuntimeDefault
+    capabilities:
+      drop:
+        - ALL