mirror of
https://github.com/kubernetes-sigs/external-dns.git
synced 2025-08-06 17:46:57 +02:00
b349103de7
The k8s external-dns project now uses the official Kubernetes projects container registry at k8s.gcr.io. Update all references to use the new registry.
33 lines
720 B
Markdown
33 lines
720 B
Markdown
# Running ExternalDNS with limited privileges
|
|
|
|
You can run ExternalDNS with reduced privileges since `v0.5.6` using the following `SecurityContext`.
|
|
|
|
```yaml
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: external-dns
|
|
spec:
|
|
strategy:
|
|
type: Recreate
|
|
selector:
|
|
matchLabels:
|
|
app: external-dns
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: external-dns
|
|
spec:
|
|
containers:
|
|
- name: external-dns
|
|
image: k8s.gcr.io/external-dns/external-dns:v0.7.3
|
|
args:
|
|
- ... # your arguments here
|
|
securityContext:
|
|
runAsNonRoot: true
|
|
runAsUser: 65534
|
|
readOnlyRootFilesystem: true
|
|
capabilities:
|
|
drop: ["ALL"]
|
|
```
|