Thanks to visit codestin.com
Credit goes to github.com

Skip to content

feat(operator): PSA-restricted securityContext for broker and etcd pods #163

Description

@novatechflow

Context

PR #152 hardens the four chart-templated Deployments (operator, proxy, console, mcp) for Pod Security Admission restricted. Brokers and managed etcd are operator-reconciled (app=kafscale-broker, etcd StatefulSet/Deployment), so they are out of scope for the chart change.

Task

Add PSA restricted-compatible pod and container securityContext defaults to operator-reconciled broker and etcd workloads, aligned with the shipped images (USER 10001).

Acceptance

  • Broker and etcd pods render/run with the same restricted controls as chart workloads (runAsNonRoot, dropped capabilities, readOnlyRootFilesystem, seccompProfile: RuntimeDefault, etc.)
  • Writable mounts added only where runtime code requires them (mirror proxy /tmp pattern if needed)
  • Conformance test or operator render test prevents regression

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions