update: Setting allowPrivilegeEscalation to false

Signed-off-by: Ivan <ivans@vaskir.co>
2022-03-17 00:46:35 +01:00 · 2022-03-17 00:46:35 +01:00 · d397aa5462
commit d397aa5462
parent af47ae4e5b
1 changed files with 3 additions and 0 deletions
--- a/pkg/issuer/acme/http/pod.go
+++ b/pkg/issuer/acme/http/pod.go
@ -202,6 +202,9 @@ func (s *Solver) buildDefaultPod(ch *cmacme.Challenge) *corev1.Pod {
 							ContainerPort: acmeSolverListenPort,
 						},
 					},
+					SecurityContext: &corev1.SecurityContext{
+						AllowPrivilegeEscalation: pointer.BoolPtr(false),
+					},
 				},
 			},
 		},