The WebLogic Kubernetes Operator enforces pod and container security best practices for the pods and containers that the operator creates for WebLogic Server instances, the init container for auxiliary images, sidecar containers for Fluentd or the WebLogic Monitoring Exporter, and the introspection job.
The operator adds the following pod-level `securityContext` content:

```yaml
securityContext:
  seccompProfile:
    type: RuntimeDefault
```

The operator also adds the following container-level `securityContext` content to each container:

```yaml
securityContext:
  runAsUser: 1000
  runAsNonRoot: true
  privileged: false
  allowPrivilegeEscalation: false
  capabilities:
    drop:
    - ALL
```
On OpenShift environments, the operator omits the `runAsUser` field.

Customers can configure pod and container generation for WebLogic Server instances using the `serverPod` element in the Domain resource. If `serverPod.podSecurityContext` or `serverPod.containerSecurityContext` is specified, the operator uses that content from the Domain resource instead of the default content shown previously.
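Because a `serverPod` override replaces the defaults rather than merging with them, it is worth checking that the pods the operator actually creates still match the baseline above. The following audit script is an added example, not part of the operator or its documentation; it assumes the JSON shape returned by `kubectl get pod <name> -o json`, and the sample pod it checks is constructed for illustration.

```python
import json

# Container-level baseline stated on the page (runAsUser is omitted on OpenShift).
BASELINE_CONTAINER = {
    "runAsUser": 1000,
    "runAsNonRoot": True,
    "privileged": False,
    "allowPrivilegeEscalation": False,
}

def audit_pod(pod, openshift=False):
    """Return deviations from the operator's baseline; an empty list means compliant.
    Checks the pod-level seccompProfile plus every init and regular container."""
    findings = []
    spec = pod.get("spec", {})
    seccomp = (spec.get("securityContext") or {}).get("seccompProfile") or {}
    if seccomp.get("type") != "RuntimeDefault":
        findings.append("pod: seccompProfile.type is not RuntimeDefault")
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        name, ctx = c.get("name", "<unnamed>"), c.get("securityContext") or {}
        for key, want in BASELINE_CONTAINER.items():
            if key == "runAsUser" and openshift:
                continue  # the operator omits runAsUser on OpenShift
            if ctx.get(key) != want:
                findings.append(f"container {name}: {key}={ctx.get(key)!r}, expected {want!r}")
        if "ALL" not in ((ctx.get("capabilities") or {}).get("drop") or []):
            findings.append(f"container {name}: capabilities.drop does not include ALL")
    return findings

def audit_json(text, openshift=False):
    """Audit one pod from `kubectl get pod <name> -o json` output (assumed shape)."""
    return audit_pod(json.loads(text), openshift)

# Constructed sample (not a real operator-generated pod): a compliant init
# container and server container beside a sidecar whose override weakened it.
GOOD_CTX = {**BASELINE_CONTAINER, "capabilities": {"drop": ["ALL"]}}
SAMPLE_POD = {
    "spec": {
        "securityContext": {"seccompProfile": {"type": "RuntimeDefault"}},
        "initContainers": [{"name": "auxiliary-image-init", "securityContext": GOOD_CTX}],
        "containers": [
            {"name": "weblogic-server", "securityContext": GOOD_CTX},
            {"name": "fluentd", "securityContext": {"runAsUser": 1000, "runAsNonRoot": True,
                                                    "privileged": False, "allowPrivilegeEscalation": True}},
        ],
    }
}

if __name__ == "__main__":
    for finding in audit_pod(SAMPLE_POD):
        print(finding)
```

Run it against each pod in the domain namespace; on OpenShift pass `openshift=True` so the missing `runAsUser` is not reported.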