Aller au contenu principal

Overview

Packaging​

Apps should be packaged as Helm charts, and optionally completed with kustomize overlays, but only if necessary.

With Helm packaging, you can optionaly choose to deploy using Helmfile or Kosmos Studio.

Security constraint on Apps​

Kosmos applies the restricted Pod Security Standard and runs with profile: cis by default. Therefore, you should use a valid security context in your application, such as:

securityContext:
  runAsNonRoot: true
  runAsUser: 1000
  runAsGroup: 1000
  seccompProfile:
    type: RuntimeDefault
securityContext:
  allowPrivilegeEscalation: false
  runAsNonRoot: true
  capabilities:
    drop:
      - ALL
  seccompProfile:
    type: RuntimeDefault
  readOnlyRootFilesystem: true