Skip to content

Commit

Permalink
Drop NET_BIND_SERVICE cap as it isn't necessary
Browse files Browse the repository at this point in the history 
NET_BIND_SERVICE is only necessary for applications the require access
to privileged ports, eg. ports under 1024. Since we are using ports that
any user may listen on, this is unnecessary
  • Loading branch information
@drGrove
drGrove committed Nov 13, 2023
1 parent ade0cdf commit 260aad3
Show file tree
Hide file tree
Showing 2 changed files with 0 additions and 4 deletions.
2 changes: 0 additions & 2 deletions config/base/api.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -86,8 +86,6 @@ spec:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
volumes:
- name: config
configMap:
Expand Down
2 changes: 0 additions & 2 deletions config/base/watcher.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,8 +72,6 @@ spec:
capabilities:
drop:
- ALL
add:
- NET_BIND_SERVICE
volumes:
- name: tls
secret:
Expand Down

0 comments on commit 260aad3

Please sign in to comment.