scottk/homelab
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/homelab.git synced 2025-11-02 10:57:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(netbird-relay): harden security

Browse Source
This commit is contained in:
Vegard Hagen
2025-01-05 15:40:20 +01:00
parent a99b4c6e14
commit c35ba49135
1 changed files with 11 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
k8s/infra/vpn/netbird/relay/deployment.yaml
View File

@@ -12,10 +12,20 @@ spec:
labels: labels:
app.kubernetes.io/name: relay app.kubernetes.io/name: relay
spec: spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers: containers:
- image: netbirdio/relay:0.35.2 # renovate: docker=netbirdio/relay - image: netbirdio/relay:0.35.2 # renovate: docker=netbirdio/relay
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
name: netbird-relay name: relay
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: false
capabilities:
drop: [ ALL ]
add: [ NET_ADMIN, NET_RAW, PERFMON, BPF ]
envFrom: envFrom:
- configMapRef: - configMapRef:
name: relay-config name: relay-config