Configuring pod security providers
Pod Security Providers allow you to manage the security context for all pods and containers managed by the Strimzi Cluster Operator from a single location. That is, a Security Provider defines the default security context of the pods and containers that the Strimzi Cluster Operator creates and manages.
- Baseline: The Baseline Provider is based on the Kubernetes baseline security profile. This is a minimally restrictive profile that prevents privilege escalations and defines other standard access controls and limitations.
- Restricted: The Restricted Provider is based on the Kubernetes restricted security profile. This is a highly restrictive profile intended for environments where a high level of security is critical.
By default, the Strimzi Cluster Operator uses the Baseline Provider. To use the Restricted Provider, set the STRIMZI_POD_SECURITY_PROVIDER_CLASS environment variable of the Strimzi Cluster Operator to restricted.
helm upgrade csm-operator [***HELM CHART***] --namespace [***NAMESPACE***] \
--set extraEnvs[0].name=STRIMZI_POD_SECURITY_PROVIDER_CLASS \
--set extraEnvs[0].value=restricted \
--reuse-values