class SecurityContext

Injects pod and container security contexts on pod-bearing resources.

Reads the +app.kubernetes.io/security+ label. When the label is absent, the middleware applies the default profile.

Kube::Cluster["Deployment"].new { metadata.labels = "app.kubernetes.io/security": "restricted" ... }

Available profiles: +restricted+ (default), +baseline+.

stack do use Middleware::SecurityContext # default: restricted use Middleware::SecurityContext, default: :baseline # change default end