From c0bc2294656f13e16ba7737591d4e53ec5c6803b Mon Sep 17 00:00:00 2001
From: Martin Linkhorst
Date: Wed, 19 Sep 2018 12:15:33 +0200
Subject: [PATCH] chore: run chaoskube with limited privileges
---
 examples/chaoskube.yaml | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/examples/chaoskube.yaml b/examples/chaoskube.yaml
index 26643b2c..8fd1d1ae 100644
--- a/examples/chaoskube.yaml
+++ b/examples/chaoskube.yaml
@@ -40,6 +40,12 @@ spec:
 - --minimum-age=1h
 # terminate pods for real: this disables dry-run mode which is on by default
 - --no-dry-run
+ securityContext:
+ runAsNonRoot: true
+ runAsUser: 65534
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop: ["ALL"]
 ---
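Review bot: The added `securityContext` leaves `allowPrivilegeEscalation` unset, so the container process is not started with no_new_privs even though it runs as UID 65534 with all capabilities dropped; adding `allowPrivilegeEscalation: false` next to `readOnlyRootFilesystem: true` would close that gap. `readOnlyRootFilesystem` and `capabilities` are container-level fields, so the block has to sit under the chaoskube container entry rather than the pod spec; the indentation is not recoverable from this page, so that is worth confirming. These settings constrain only the process inside the container: what chaoskube can do through the Kubernetes API is governed by its service account's RBAC, which this hunk does not touch.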