Improve security context for the k8s manifest

files/logic.py

@@ -57,7 +57,7 @@ def execute(self):
 						startReplicas = 1
 						startReplicasAnnotation = 'another-scheduler.io/start-replicas'
 						if startReplicasAnnotation in deployAnnotations:
-							self.logs.debug({'message': 'Start replicas defined by the user.', 'namespace': namespaceName, 'deployment': deployName, 'replicas': deployAnnotations[startReplicasAnnotation]})
+							self.logs.debug({'message': 'Replicas defined by the user for start.', 'namespace': namespaceName, 'deployment': deployName, 'replicas': deployAnnotations[startReplicasAnnotation]})
 							startReplicas = int(deployAnnotations[startReplicasAnnotation])
 
 						if deploy.spec.replicas != startReplicas:
@@ -80,7 +80,7 @@ def execute(self):
 						stopReplicas = 0
 						stopReplicasAnnotation = 'another-scheduler.io/stop-replicas'
 						if stopReplicasAnnotation in deployAnnotations:
-							self.logs.debug({'message': 'Stop replicas defined by the user.', 'namespace': namespaceName, 'deployment': deployName, 'replicas': deployAnnotations[stopReplicasAnnotation]})
+							self.logs.debug({'message': 'Replicas defined by the user for stop.', 'namespace': namespaceName, 'deployment': deployName, 'replicas': deployAnnotations[stopReplicasAnnotation]})
 							stopReplicas = int(deployAnnotations[stopReplicasAnnotation])
 
 						if deploy.spec.replicas != stopReplicas:

kubernetes/full.yaml

@@ -69,6 +69,17 @@ spec:
         - configMapRef:
             name: another-scheduler
         securityContext:
-          readOnlyRootFilesystem: true
           runAsNonRoot: true
-          runAsUser: 10000
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: true
+          runAsUser: 10001
+          capabilities:
+            drop:
+              - ALL
+        resources:
+          limits:
+            cpu: 300m
+            memory: 256Mi
+          requests:
+            cpu: 100m
+            memory: 128Mi