Next up in our blog series about Flux Security is how we moved to Pod Security Standard “restricted”, all the background info you need to know and how that makes things safer for you. Since version 0.26 of Flux we are applying [..] the restricted pod security standard to all controllers. In practice this means: all Linux capabilities were dropped the root filesystem was set to read-only the seccomp profile was set to the runtime default run as non-root was enabled the filesystem group was...
