New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Pod Security Review Feedback #38
Comments
I see some of them already mentioned in the PR |
This is fine I guess. One
It looks fine. If it's empty then it's not set. I think that in YAML empty field is the same as not set field.
Yes, you're right, it was removed in #37 .
Yeah, I think we could add it. For clarity I've created a separate GH Issue #41 |
I see that caused some lint errors. Apparently, @dacleyra has removed one of them in the PR
What happens if we just remove if condition and move |
Actually you're right. That's the fix: #42
If |
I am probably focusing on readability... I feel refactoring into following would be more compact. Is there any problem with the following statement?
|
@mesutcelik You're change is not just about readability. But I guess it's fine, we should never need to write to the root filesystem or allow priviledge escalation, even if you run as a root. I've created a PR to fix it. PTAL. |
runAsUser
is always set?fsgroup
is not part of SecurityContext. see the docRunAsGroup
field?The text was updated successfully, but these errors were encountered: