From 5f630d3f64ce31b75c03c0673caa1a709891ea16 Mon Sep 17 00:00:00 2001 From: RajshriSkillup <132663983+RajshriSkillup@users.noreply.github.com> Date: Wed, 3 Dec 2025 10:46:37 +0530 Subject: [PATCH 1/2] Enhance security context in hello-world-apply.yaml Added security context to the deployment configuration. --- labs/2_IntroKubernetes/hello-world-apply.yaml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/labs/2_IntroKubernetes/hello-world-apply.yaml b/labs/2_IntroKubernetes/hello-world-apply.yaml index 83b0f9b..9cf68f1 100644 --- a/labs/2_IntroKubernetes/hello-world-apply.yaml +++ b/labs/2_IntroKubernetes/hello-world-apply.yaml @@ -33,10 +33,17 @@ spec: memory: 30Mi requests: cpu: 1m - memory: 10Mi + memory: 10Mi + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + runAsUser: 999 imagePullSecrets: - name: icr dnsPolicy: ClusterFirst restartPolicy: Always - securityContext: {} terminationGracePeriodSeconds: 30 From 90f72d7ffe3e2cff1f85d83dc98acf758ac4851c Mon Sep 17 00:00:00 2001 From: RajshriSkillup <132663983+RajshriSkillup@users.noreply.github.com> Date: Wed, 3 Dec 2025 10:46:59 +0530 Subject: [PATCH 2/2] Enhance hello-world deployment with security context Add security context to hello-world deployment --- labs/2_IntroKubernetes/hello-world-create.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/labs/2_IntroKubernetes/hello-world-create.yaml b/labs/2_IntroKubernetes/hello-world-create.yaml index ccb8047..2f37dfd 100644 --- a/labs/2_IntroKubernetes/hello-world-create.yaml +++ b/labs/2_IntroKubernetes/hello-world-create.yaml @@ -8,5 +8,13 @@ spec: image: us.icr.io//hello-world:1 ports: - containerPort: 8080 + securityContext: + allowPrivilegeEscalation: false + runAsNonRoot: true + capabilities: + drop: ["ALL"] + seccompProfile: + type: "RuntimeDefault" + runAsUser: 999 imagePullSecrets: - name: icr