docs: add securityContext to pod manifest

aramase · aramase · commit 587ab8592382 · 2021-06-09T17:26:18.000-07:00
Signed-off-by: Anish Ramasekar &lt;anish.ramasekar@gmail.com&gt;
diff --git a/docs/manual-install.md b/docs/manual-install.md
@@ -81,6 +81,13 @@ This guide demonstrates steps required to enable the KMS Plugin for Key Vault in
           - --healthz-path=/healthz                               # [OPTIONAL] path for health check. Default is /healthz
           - --healthz-timeout=20s                                 # [OPTIONAL] RPC timeout for health check. Default is 20s
           - -v=1
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsUser: 0
         ports:
           - containerPort: 8787                                   # Must match the value defined in --healthz-port
             protocol: TCP
diff --git a/docs/rotation.md b/docs/rotation.md
@@ -41,6 +41,13 @@ spec:
       - --healthz-path=/healthz                               # [OPTIONAL] path for health check. Default is /healthz
       - --healthz-timeout=20s                                 # [OPTIONAL] RPC timeout for health check. Default is 20s
       - -v=5
+      securityContext:
+        allowPrivilegeEscalation: false
+        capabilities:
+          drop:
+          - ALL
+        readOnlyRootFilesystem: true
+        runAsUser: 0
       ports:
         - containerPort: 8788                                 # Must match the value defined in --healthz-port
           protocol: TCP
