github/kubernetes
4
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
a32e5b6a59
kubernetes/cluster/addons/dns/coredns
History
Kubernetes Submit Queue 2f011d01fa
Merge pull request #64473 from nberlee/master 
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>.

Drop capabilities of CoreDNS container and run in read-only

**What this PR does / why we need it**: Make the CoreDNS container more secure by dropping (root) capabilities. Improve the integrity of the of the container by running the whole container in read-only.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:
Same [changes](aba0245609) as in the CoreDNS deployment repository.
**Release note**:

```release-note
Kubeadm: Make CoreDNS run in read-only mode and drop all unneeded privileges 
```
2018-06-05 10:23:19 -07:00
..
coredns.yaml.base Merge pull request #64473 from nberlee/master 2018-06-05 10:23:19 -07:00
coredns.yaml.in Merge pull request #64473 from nberlee/master 2018-06-05 10:23:19 -07:00
coredns.yaml.sed Merge pull request #64473 from nberlee/master 2018-06-05 10:23:19 -07:00
Makefile create coredns and kube-dns folders 2018-05-29 11:52:57 -04:00
transforms2salt.sed create coredns and kube-dns folders 2018-05-29 11:52:57 -04:00
transforms2sed.sed create coredns and kube-dns folders 2018-05-29 11:52:57 -04:00