Improve TAS container security

This commit will:
- drop all priviledges
- set allowPrivilegeEscalation to false
- set a non-root user for runAsGroup
- enable default seccompProfile

Signed-off-by: Madalina Lazar <[email protected]>

Author: madalazar

telemetry-aware-scheduling/deploy/tas-deployment.yaml

@@ -29,11 +29,14 @@ spec:
         imagePullPolicy: IfNotPresent
         securityContext:
           capabilities:
-            drop:
-              - all
+            drop: [ 'ALL' ]
           readOnlyRootFilesystem: true
           runAsNonRoot: true
           runAsUser: 10001
+          allowPrivilegeEscalation: false
+          runAsGroup: 10001
+          seccompProfile:
+            type: RuntimeDefault
         volumeMounts:
         - name: certs
           mountPath: /tas/cert