application-stacks
diff --git a/‎bundle/tests/scorecard/kuttl/security-context/01-assert.yaml‎
Lines changed: 2 additions & 0 deletions b/‎bundle/tests/scorecard/kuttl/security-context/01-assert.yaml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎bundle/tests/scorecard/kuttl/security-context/02-run-as-non-root-override.yaml‎ renamed to ‎bundle/tests/scorecard/kuttl/security-context/01-override.yaml‎
Lines changed: 2 additions & 0 deletions b/‎bundle/tests/scorecard/kuttl/security-context/02-run-as-non-root-override.yaml‎ renamed to ‎bundle/tests/scorecard/kuttl/security-context/01-override.yaml‎
Lines changed: 2 additions & 0 deletions
diff --git a/‎bundle/tests/scorecard/kuttl/security-context/01-read-only-fs-override.yaml‎
Lines changed: 0 additions & 9 deletions b/‎bundle/tests/scorecard/kuttl/security-context/01-read-only-fs-override.yaml‎
Lines changed: 0 additions & 9 deletions
diff --git a/‎bundle/tests/scorecard/kuttl/security-context/02-assert.yaml‎
Lines changed: 1 addition & 1 deletion b/‎bundle/tests/scorecard/kuttl/security-context/02-assert.yaml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎bundle/tests/scorecard/kuttl/security-context/04-privileged-override.yaml‎ renamed to ‎bundle/tests/scorecard/kuttl/security-context/02-privileged-override.yaml‎ b/‎bundle/tests/scorecard/kuttl/security-context/04-privileged-override.yaml‎ renamed to ‎bundle/tests/scorecard/kuttl/security-context/02-privileged-override.yaml‎
diff --git a/‎bundle/tests/scorecard/kuttl/security-context/03-assert.yaml‎
Lines changed: 4 additions & 1 deletion b/‎bundle/tests/scorecard/kuttl/security-context/03-assert.yaml‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎bundle/tests/scorecard/kuttl/security-context/05-capabilities-override.yaml‎ renamed to ‎bundle/tests/scorecard/kuttl/security-context/03-capabilities-override.yaml‎ b/‎bundle/tests/scorecard/kuttl/security-context/05-capabilities-override.yaml‎ renamed to ‎bundle/tests/scorecard/kuttl/security-context/03-capabilities-override.yaml‎
diff --git a/‎bundle/tests/scorecard/kuttl/security-context/03-privilege-esc-override.yaml‎
Lines changed: 0 additions & 9 deletions b/‎bundle/tests/scorecard/kuttl/security-context/03-privilege-esc-override.yaml‎
Lines changed: 0 additions & 9 deletions
diff --git a/‎bundle/tests/scorecard/kuttl/security-context/04-assert.yaml‎
Lines changed: 8 additions & 2 deletions b/‎bundle/tests/scorecard/kuttl/security-context/04-assert.yaml‎
Lines changed: 8 additions & 2 deletions
diff --git a/‎bundle/tests/scorecard/kuttl/security-context/06-restore-default.yaml‎ renamed to ‎bundle/tests/scorecard/kuttl/security-context/04-restore-default.yaml‎ b/‎bundle/tests/scorecard/kuttl/security-context/06-restore-default.yaml‎ renamed to ‎bundle/tests/scorecard/kuttl/security-context/04-restore-default.yaml‎
@@ -12,7 +12,9 @@ spec:
       containers:
       - name: app
         securityContext:
+          allowPrivilegeEscalation: true
           readOnlyRootFilesystem: true
+          runAsNonRoot: false
 status:
   replicas: 1
   readyReplicas: 1
 
@@ -6,4 +6,6 @@ spec:
   applicationImage: k8s.gcr.io/pause:2.0
   replicas: 1
   securityContext:
+    allowPrivilegeEscalation: true
+    readOnlyRootFilesystem: true
     runAsNonRoot: false
@@ -12,7 +12,7 @@ spec:
       containers:
       - name: app
         securityContext:
-          runAsNonRoot: false
+          privileged: true
 status:
   replicas: 1
   readyReplicas: 1
 
@@ -12,7 +12,10 @@ spec:
       containers:
       - name: app
         securityContext:
-          allowPrivilegeEscalation: true
+          capabilities:
+            add:
+              - NET_ADMIN
+              - SYS_TIME
 status:
   replicas: 1
   readyReplicas: 1
 
@@ -12,8 +12,14 @@ spec:
       containers:
       - name: app
         securityContext:
-          privileged: true
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - ALL
+          privileged: false
+          readOnlyRootFilesystem: false
+          runAsNonRoot: true
 status:
   replicas: 1
   readyReplicas: 1
-  availableReplicas: 1
+  updatedReplicas: 1