9e2f12dc51
Remove cap_drop: ALL and no-new-privileges from postgres, redis, minio, and minio-init services. These stock images require certain capabilities (SETUID, SETGID, CHOWN) to switch users during initialization. Added KICS exceptions with documentation explaining these are local development only settings - production Kubernetes uses securityContext.
2.1 KiB
2.1 KiB