Description
The GeoServer and MapStore charts currently lack basic Kubernetes security hardening. This proposal describes the gaps identified and the changes needed to align both charts with Kubernetes security best practices and industry standards, in particular the Pod Security Standards.
Security Gaps Identified
- MapStore chart missing security context: the MapStore chart defines no pod- or container-level securityContext, unlike the GeoServer chart.
- No Pod Security Standards compliance: neither chart carries Pod Security Standards (PSS) labels or validates its workloads against a PSS profile.
Impact
These gaps create significant risk. MapStore containers run as root, which enlarges the attack surface and makes privilege escalation easier if the application is compromised. The charts cannot be deployed into security-hardened clusters, because a namespace that enforces the Pod Security Standards rejects pods without the required securityContext at admission time. Deployments built from the charts are also likely to fail compliance audits (SOC 2, PCI DSS, FedRAMP, HIPAA, GDPR).
Proposed Fix
Add securityContext configuration to the MapStore chart, matching the GeoServer chart's implementation (non-root user execution and an appropriate fsGroup for mounted volumes), and bring both charts into Pod Security Standards compliance by applying the restricted profile labels and validating the rendered workloads against that profile.
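The two changes above, shown as an added Python example that is not code from the GeoServer or MapStore charts: a constructed Pod spec with no securityContext (the MapStore gap), a `harden()` function that adds the pod- and container-level fields the restricted Pod Security Standard requires, the namespace labels that make Pod Security Admission enforce that profile, and a checker that reports which restricted-profile rules a spec still violates. UID/GID 1000 and the image name are assumed placeholders, not values taken from the charts.

```python
"""Restricted-profile check for a Pod spec, illustrating the fix proposed above.

Added example for this issue, not code from the GeoServer or MapStore charts.
UNHARDENED_POD_SPEC is constructed to mimic a chart that sets no securityContext;
harden() adds the fields the restricted Pod Security Standard requires.
UID/GID 1000 and the image name are assumed placeholder values.
"""
import copy
from typing import Any, Dict, List

# Namespace labels that make Pod Security Admission enforce the restricted profile.
RESTRICTED_NAMESPACE_LABELS = {
    "pod-security.kubernetes.io/enforce": "restricted",
    "pod-security.kubernetes.io/enforce-version": "latest",
    "pod-security.kubernetes.io/audit": "restricted",
    "pod-security.kubernetes.io/warn": "restricted",
}

# Constructed: a chart that sets no securityContext at all (the MapStore gap).
UNHARDENED_POD_SPEC: Dict[str, Any] = {
    "containers": [{
        "name": "mapstore",
        "image": "example.invalid/mapstore:placeholder",  # placeholder, not the real image
        "ports": [{"containerPort": 8080}],
        "volumeMounts": [{"name": "data", "mountPath": "/data"}],
    }],
    "volumes": [{"name": "data", "persistentVolumeClaim": {"claimName": "mapstore-data"}}],
}


def _containers(spec: Dict[str, Any]) -> List[Dict[str, Any]]:
    """All container entries the restricted profile evaluates."""
    return (spec.get("initContainers", []) + spec.get("containers", [])
            + spec.get("ephemeralContainers", []))


def restricted_violations(spec: Dict[str, Any]) -> List[str]:
    """Return the restricted-profile rules a Pod spec violates (empty if compliant).

    Covers the controls relevant to this issue: non-root execution, privilege
    escalation, capabilities, seccomp, privileged mode, host namespaces and
    hostPath volumes. Container-level fields override pod-level ones, as in PSS.
    """
    violations: List[str] = []
    pod_sc = spec.get("securityContext") or {}
    for field in ("hostNetwork", "hostPID", "hostIPC"):
        if spec.get(field):
            violations.append(f"spec.{field} must be false or unset")
    for vol in spec.get("volumes", []):
        if "hostPath" in vol:
            violations.append(f"volume {vol.get('name')!r} uses hostPath")
    for c in _containers(spec):
        name = c.get("name", "<unnamed>")
        sc = c.get("securityContext") or {}
        if sc.get("privileged"):
            violations.append(f"{name}: privileged must be false")
        # runAsNonRoot: true makes the kubelet refuse to start an image whose
        # USER resolves to root; that, not runAsUser alone, stops root execution.
        if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
            violations.append(f"{name}: runAsNonRoot must be true")
        if sc.get("runAsUser", pod_sc.get("runAsUser")) == 0:
            violations.append(f"{name}: runAsUser must not be 0")
        if sc.get("allowPrivilegeEscalation") is not False:
            violations.append(f"{name}: allowPrivilegeEscalation must be set to false")
        caps = sc.get("capabilities") or {}
        if "ALL" not in (caps.get("drop") or []):
            violations.append(f"{name}: capabilities.drop must include ALL")
        extra = sorted(set(caps.get("add") or []) - {"NET_BIND_SERVICE"})
        if extra:
            violations.append(f"{name}: capabilities.add may only contain NET_BIND_SERVICE, got {extra}")
        seccomp = (sc.get("seccompProfile") or pod_sc.get("seccompProfile") or {}).get("type")
        if seccomp not in ("RuntimeDefault", "Localhost"):
            violations.append(f"{name}: seccompProfile.type must be RuntimeDefault or Localhost")
    return violations


def harden(spec: Dict[str, Any], uid: int = 1000, gid: int = 1000) -> Dict[str, Any]:
    """Return a copy of spec with the securityContext this issue proposes.

    Pod level: non-root user and group, fsGroup so the non-root process can
    write the mounted data volume, and the runtime's default seccomp profile.
    Container level: no privilege escalation, all capabilities dropped.
    """
    out = copy.deepcopy(spec)
    out["securityContext"] = {
        "runAsNonRoot": True,
        "runAsUser": uid,      # assumed value, not taken from the charts
        "runAsGroup": gid,
        "fsGroup": gid,
        "seccompProfile": {"type": "RuntimeDefault"},
    }
    for c in _containers(out):
        c["securityContext"] = {
            "allowPrivilegeEscalation": False,
            "capabilities": {"drop": ["ALL"]},
        }
    return out


if __name__ == "__main__":
    for label, spec in (("unhardened", UNHARDENED_POD_SPEC), ("hardened", harden(UNHARDENED_POD_SPEC))):
        problems = restricted_violations(spec)
        print(f"{label}: {len(problems)} violation(s)")
        for p in problems:
            print("  -", p)
```

Running the script lists four violations for the unhardened spec (runAsNonRoot, allowPrivilegeEscalation, capabilities.drop and seccompProfile) and none after `harden()`. The checker mirrors the PSS override semantics for the controls it covers, but it is a review aid, not a replacement for the admission controller itself: the authoritative check is `kubectl apply --dry-run=server` of the rendered chart against a namespace carrying the labels in `RESTRICTED_NAMESPACE_LABELS`.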