k8s-and-chill/prototypes/argocd
Felix Wolf 33c52be1c5 feat(pss): drop 5 namespaces from PSS privileged to restricted
argocd, cert-manager, cloudnative-pg already compliant — label flip only.
ocis: add overlay injecting seccompProfile=RuntimeDefault, drop ALL caps,
allowPrivilegeEscalation=false across all chart Deployments/CronJobs;
patch idm initContainer; harden custom precheck Job; refactor s3-backup
to rclone/rclone image (avoids apk-add-as-root).
victoria-metrics-single: overlay sets full restricted SC on the StatefulSet
that ships with empty securityContext: {}.

forgejo, traefik, kube-system stay privileged (hostPort / CSI driver).

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-03 01:24:59 +02:00
helm feat: Add VictoriaMetrics monitoring stack 2026-03-31 00:20:23 +02:00
vendir feat: Initial setup of GitOps-managed Kubernetes cluster 2026-03-30 18:21:05 +02:00
ytt feat(pss): drop 5 namespaces from PSS privileged to restricted 2026-05-03 01:24:59 +02:00
app-data.ytt.yaml feat: Initial setup of GitOps-managed Kubernetes cluster 2026-03-30 18:21:05 +02:00