From d0518ca31fa4987a8dd80aa80fb835055dbce7f1 Mon Sep 17 00:00:00 2001 From: Sandeep Rajan Date: Tue, 14 Aug 2018 13:07:59 -0400 Subject: [PATCH] update deployment --- deploy/addons/coredns/coreDNS-controller.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/deploy/addons/coredns/coreDNS-controller.yaml b/deploy/addons/coredns/coreDNS-controller.yaml index 5b76bd70aee7..ff176f202397 100644 --- a/deploy/addons/coredns/coreDNS-controller.yaml +++ b/deploy/addons/coredns/coreDNS-controller.yaml @@ -41,6 +41,7 @@ spec: volumeMounts: - name: config-volume mountPath: /etc/coredns + readOnly: true ports: - containerPort: 53 name: dns @@ -51,6 +52,14 @@ spec: - containerPort: 9153 name: metrics protocol: TCP + securityContext: + allowPrivilegeEscalation: false + capabilities: + add: + - NET_BIND_SERVICE + drop: + - all + readOnlyRootFilesystem: true livenessProbe: httpGet: path: /health