Merge pull request #184 from mrueg/drop-psp

Drop PodSecurityPolicies

Author: hagaibarel

charts/coredns/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v2
 name: coredns
-version: 1.36.2
+version: 1.37.0
 appVersion: 1.11.4
 home: https://coredns.io
 icon: https://coredns.io/images/CoreDNS_Colour_Horizontal.png
@@ -19,5 +19,5 @@ maintainers:
 type: application
 annotations:
   artifacthub.io/changes: |
-    - kind: changed
-      description: Bump to v1.11.4
+    - kind: removed
+      description: Drop support for PodSecurityPolicy

charts/coredns/templates/podsecuritypolicy.yaml

@@ -76,11 +76,6 @@ serviceAccount:
 rbac:
   # If true, create & use RBAC resources
   create: true
-  # If true, create and use PodSecurityPolicy
-  pspEnable: false
-  # The name of the ServiceAccount to use.
-  # If not set and create is true, a name is generated using the fullname template
-  # name:
 
 clusterRole:
   # By default a name is generated using the fullname template.
@@ -99,9 +94,13 @@ podSecurityContext: {}
 # Configure SecurityContext for Pod.
 # Ensure that required linux capability to bind port number below 1024 is assigned (`CAP_NET_BIND_SERVICE`).
 securityContext:
+  allowPrivilegeEscalation: false
   capabilities:
     add:
       - NET_BIND_SERVICE
+    drop:
+      - ALL
+  readOnlyRootFilesystem: true
 
 # Default zone is what Kubernetes recommends:
 # https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#coredns-configmap-options