How to secure the Helm Operator (a little more)

Problem statement

As a platform engineer
I want our workloads to be as secure as possible
So that we don’t leave ourselves open to exploitation

Recommended Tooling

I am planning to write another blog post on how we use kubeaudit above as part of our CI process.

Note: There are many more, but these are a good starting point.

The Helm Operator Problem

For more information on the Helm Operator please see
https://github.com/fluxcd/helm-operator

Implementation

We can now add the following values to your HelmReleases.

    containerSecurityContext:
      helmOperator:
        readOnlyRootFilesystem: true
    extraVolumeMounts:
      - name: tmp
        mountPath: /tmp
    extraVolumes:
      - name: tmp
        emptyDir: {}
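
To confirm the values took effect, the rendered Deployment can be checked for both halves of the change: a read-only root filesystem and a writable emptyDir at /tmp. The following is an added example, not code from this post or from the Helm Operator project; the function name, the sample manifest, its container name and its image are constructed for illustration, and the input is assumed to be the JSON that `kubectl get deployment <name> -o json` returns.

```python
import json

# Constructed sample: a trimmed Deployment as it might look after applying
# the values above. Names and image are placeholders, not from the post.
SAMPLE_DEPLOYMENT = json.loads("""
{
  "kind": "Deployment",
  "metadata": {"name": "helm-operator"},
  "spec": {"template": {"spec": {
    "containers": [{
      "name": "flux-helm-operator",
      "image": "example.invalid/helm-operator:placeholder",
      "securityContext": {"readOnlyRootFilesystem": true},
      "volumeMounts": [{"name": "tmp", "mountPath": "/tmp"}]
    }],
    "volumes": [{"name": "tmp", "emptyDir": {}}]
  }}}
}
""")


def audit_read_only_root(workload, writable_paths=("/tmp",)):
    """Return a list of findings; an empty list means the workload passes."""
    pod = workload["spec"]["template"]["spec"]
    # Only emptyDir volumes count as intended scratch space here.
    empty_dirs = {v["name"] for v in pod.get("volumes", []) if "emptyDir" in v}
    findings = []
    for c in pod.get("containers", []) + pod.get("initContainers", []):
        ctx = c.get("securityContext") or {}
        if ctx.get("readOnlyRootFilesystem") is not True:
            findings.append(f"{c['name']}: readOnlyRootFilesystem is not true")
            continue  # the /tmp mount only matters once the root is read-only
        mounts = {m["mountPath"].rstrip("/"): m for m in c.get("volumeMounts", [])}
        for path in writable_paths:
            m = mounts.get(path)
            if m is None:
                findings.append(f"{c['name']}: no volume mounted at {path}")
            elif m["name"] not in empty_dirs:
                findings.append(f"{c['name']}: {path} is not backed by an emptyDir")
            elif m.get("readOnly"):
                findings.append(f"{c['name']}: {path} is mounted read-only")
    return findings


if __name__ == "__main__":
    for line in audit_read_only_root(SAMPLE_DEPLOYMENT) or ["OK"]:
        print(line)
```
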

Independent Kubernetes Consultant & Trainer.