Prevents containers from running as user or group ID 1337 or 2102, which are reserved for Istio and Linkerd.
containers:
  - name: nginx
    ports:
      - containerPort: 80
    securityContext:
      runAsUser: 1337  # reserved ID, rejected by this policy
To exclude a workload from this policy, set the annotation securitytower.io/policy.exclusion.preventservicemeshuserid as in the example below.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: your-deployment
  annotations:
    securitytower.io/policy.exclusion.preventservicemeshuserid: |-
      This pod has a container that must run as 1337, because ... .
...
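
The rule and its exclusion annotation described above can be checked offline against a manifest, as in the following added example (not Security Tower's own code). It assumes the annotation sits on the Deployment metadata with a non-empty justification, that pod-level securityContext values are inherited by containers, and that init containers are checked too; the function names and sample manifests are constructed for illustration.

```python
# Added illustration; not Security Tower's implementation.
RESERVED_IDS = {1337, 2102}  # IDs named in the policy description
EXCLUSION = "securitytower.io/policy.exclusion.preventservicemeshuserid"


def find_violations(workload):
    """Return (container, field, id) tuples for reserved IDs in a workload dict."""
    annotations = workload.get("metadata", {}).get("annotations") or {}
    # Assumption: a non-empty annotation value (the justification) excludes the workload.
    if (annotations.get(EXCLUSION) or "").strip():
        return []
    pod_spec = workload.get("spec", {}).get("template", {}).get("spec", {})
    pod_ctx = pod_spec.get("securityContext") or {}
    containers = (pod_spec.get("initContainers") or []) + (pod_spec.get("containers") or [])
    violations = []
    for c in containers:
        ctx = c.get("securityContext") or {}
        for field in ("runAsUser", "runAsGroup"):
            # A container-level setting overrides the pod-level one in Kubernetes.
            value = ctx.get(field, pod_ctx.get(field))
            if value in RESERVED_IDS:
                violations.append((c.get("name"), field, value))
    return violations


def deployment(containers, pod_ctx=None, annotations=None):
    """Build a constructed sample Deployment manifest as a dict."""
    return {
        "apiVersion": "apps/v1", "kind": "Deployment",
        "metadata": {"name": "your-deployment", "annotations": annotations or {}},
        "spec": {"template": {"spec": {"securityContext": pod_ctx or {},
                                       "containers": containers}}},
    }


# Constructed samples: the page's nginx container, one inheriting, one overriding.
NGINX = {"name": "nginx", "ports": [{"containerPort": 80}],
         "securityContext": {"runAsUser": 1337}}
INHERITS = {"name": "app"}
OVERRIDES = {"name": "safe", "securityContext": {"runAsGroup": 3000}}

if __name__ == "__main__":
    print(find_violations(deployment([NGINX])))
    print(find_violations(deployment([INHERITS, OVERRIDES], pod_ctx={"runAsGroup": 2102})))
    print(find_violations(deployment([NGINX], annotations={EXCLUSION: "must run as 1337, because ..."})))
```

The second sample shows why the pod-level securityContext has to be inspected: the container named app sets nothing itself and still ends up with group 2102.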