You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It may be worth attempting to run containers under the restricted PodSecurityAdmission level, if possible. While this is not strictly required, it should be enough for most "normal" applications, and represents a substantial threat reduction over the Kubernetes defaults.
Could the defaults for all install scripts be set to run the openfga server with limited permissions?
In the case of helm chart, this would achieve:
This would greatly reduce the attack surface area.
The text was updated successfully, but these errors were encountered: