A Kubernetes operator that bridges Hardware Security Module (HSM) data storage with Kubernetes Secrets, providing true secret portability th
fix
+2
-2
+2
-2
internal/controller/hsmpool_agent_controller.go
+2
-2
internal/controller/hsmpool_agent_controller.go
···
664
664
},
665
665
},
666
666
SecurityContext: &corev1.SecurityContext{
667
-
Privileged: truePtr, // Still no privileged containers
667
+
Privileged: truePtr, // Still no privileged containers
668
668
AllowPrivilegeEscalation: falsePtr, // Still no privilege escalation
669
-
ReadOnlyRootFilesystem: falsePtr, // Possible with distroless
669
+
ReadOnlyRootFilesystem: falsePtr, // Possible with distroless
670
670
RunAsNonRoot: falsePtr, // Root required for USB
671
671
RunAsUser: &rootUserId,
672
672
SeccompProfile: &corev1.SeccompProfile{