The WebLogic Kubernetes Operator enforces pod and container security best practices for the pods and containers that the operator creates for WebLogic Server instances, the init container for auxiliary images, sidecar containers for Fluentd or the WebLogic Monitoring Exporter, and the introspection job.
Beginning with operator version 4.0.5, the operator adds the following pod-level securityContext content:

```yaml
securityContext:
  seccompProfile:
    type: RuntimeDefault
```
The operator also adds the following container-level securityContext content to each container:

```yaml
securityContext:
  runAsUser: 1000
  runAsNonRoot: true
  privileged: false
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - ALL
```
On OpenShift environments, the operator omits the runAsUser element.

Customers can configure pod and container generation for WebLogic Server instances using the serverPod element in the Domain resource. If specified, the operator will use the serverPod.podSecurityContext or serverPod.containerSecurityContext content from the Domain resource rather than using the default content shown previously.
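Because the operator substitutes the serverPod content for its defaults rather than merging the two, an override that only adds one field silently drops the rest of the hardening. The following added example (not from the operator documentation) shows an override that loses the seccomp profile next to one that restates every default before adding fsGroup and runAsGroup; the apiVersion, names, namespace and group id are assumptions, and only the serverPod portion of the Domain spec is shown.

```yaml
# Added example, not operator-supplied. Assumed: apiVersion weblogic.oracle/v9,
# resource names, namespace, and group id 1000. Other Domain spec fields omitted.
#
# Variant 1: the override replaces the operator's pod-level default, so the
# generated pods no longer carry seccompProfile RuntimeDefault. Only fsGroup applies.
apiVersion: weblogic.oracle/v9
kind: Domain
metadata:
  name: sample-domain-weak
  namespace: sample-domain-ns
spec:
  serverPod:
    podSecurityContext:
      fsGroup: 1000
---
# Variant 2: restate the defaults the operator would have applied, then add
# the extra settings. On OpenShift, leave out runAsUser, as the operator does.
apiVersion: weblogic.oracle/v9
kind: Domain
metadata:
  name: sample-domain-hardened
  namespace: sample-domain-ns
spec:
  serverPod:
    podSecurityContext:
      seccompProfile:
        type: RuntimeDefault
      fsGroup: 1000
    containerSecurityContext:
      runAsUser: 1000
      runAsGroup: 1000
      runAsNonRoot: true
      privileged: false
      allowPrivilegeEscalation: false
      capabilities:
        drop:
          - ALL
```

After applying the Domain, confirm the effective settings on a generated server pod rather than trusting the Domain text, since the pod spec is what the admission layer and runtime enforce.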