From d397aa546287f546bf3a55866fcef4213963fa60 Mon Sep 17 00:00:00 2001
From: Ivan
Date: Thu, 17 Mar 2022 00:46:35 +0100
Subject: [PATCH] update: Setting allowPrivilegeEscalation to false

Signed-off-by: Ivan
---
 pkg/issuer/acme/http/pod.go | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkg/issuer/acme/http/pod.go b/pkg/issuer/acme/http/pod.go
index 398e32592..79f37eaf2 100644
--- a/pkg/issuer/acme/http/pod.go
+++ b/pkg/issuer/acme/http/pod.go
@@ -202,6 +202,9 @@ func (s *Solver) buildDefaultPod(ch *cmacme.Challenge) *corev1.Pod {
 ContainerPort: acmeSolverListenPort,
 },
 },
+ SecurityContext: &corev1.SecurityContext{
+ AllowPrivilegeEscalation: pointer.BoolPtr(false),
+ },
 },
 },
 },
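Review bot: The SecurityContext added to the solver container in buildDefaultPod sets only AllowPrivilegeEscalation, so the container still runs with the runtime's default capability set and no seccomp profile, and a namespace enforcing the restricted Pod Security Standard would still reject the pod. Consider adding `Capabilities: &corev1.Capabilities{Drop: []corev1.Capability{"ALL"}},` and `SeccompProfile: &corev1.SeccompProfile{Type: corev1.SeccompProfileTypeRuntimeDefault},` next to it; dropping all capabilities is only safe if acmeSolverListenPort is an unprivileged port, which the hunk does not show. The patch touches three lines only, so `pointer` is presumably already imported in pod.go, and no test comes with it; an assertion in the pod-building test that the solver container has AllowPrivilegeEscalation set to false would keep the setting from regressing. buildDefaultPod starts and ends outside the hunk, so whether a user-supplied pod template is later merged over this default cannot be judged from here.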