NIC should be able to run with the "restricted" POD security level

WIP

# Summary

NIC is currently (3.x) required to run as a privileged POD with added capabilities. This is not ideal from a security perspective and not aligned with best practice container security guidelines and standards such as:
* _CIS Kubernetes_ as briefly explained by [Aquasec](https://www.aquasec.com/cloud-native-academy/kubernetes-in-production/kubernetes-cis-benchmark-best-practices-in-brief/)
* [NSA Kubernetes Hardening guide](https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF)

To improve the security posture, NIC should be able to run with the _restricted_ POD security level. See [Pod Security Standards](https://kubernetes.io/docs/concepts/security/pod-security-standards/) for more information.

# Motivation

NIC is usually exposed to the Internet and thus a target for all kinds of attacks. The project should always strive to improve the security of NIC.

## Goals

* Secure by default
* Restricted security level in deployment resources

## Non-goals

* Other security improvements not required by the restricted level such as read-only root filesystem (#1677 )

# Proposal

TBD

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

NIC should be able to run with the "restricted" POD security level #3544

Summary

Motivation

Goals

Non-goals

Proposal

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

NIC should be able to run with the "restricted" POD security level #3544

Description

Summary

Motivation

Goals

Non-goals

Proposal

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions