From ee05f26710317b1d06543b0bbd061c432d4213dc Mon Sep 17 00:00:00 2001
From: biswajit-9776 <biswajitpatt139@gmail.com>
Date: Wed, 8 Jan 2025 23:43:01 +0530
Subject: [PATCH] Added a PSS patch

Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
---
 .../PSS/patches/cluster-jwks-proxy.yaml       | 20 +++++++++++++++++++
 1 file changed, 20 insertions(+)
 create mode 100644 contrib/security/PSS/patches/cluster-jwks-proxy.yaml

diff --git a/contrib/security/PSS/patches/cluster-jwks-proxy.yaml b/contrib/security/PSS/patches/cluster-jwks-proxy.yaml
new file mode 100644
index 0000000000..7935ec8a7a
--- /dev/null
+++ b/contrib/security/PSS/patches/cluster-jwks-proxy.yaml
@@ -0,0 +1,20 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: cluster-jwks-proxy
+  namespace: istio-system
+spec:
+  template:
+    spec:
+      containers:
+      - name: kubectl-proxy
+        securityContext:
+          allowPrivilegeEscalation: false
+          seccompProfile:
+            type: RuntimeDefault
+          runAsNonRoot: true
+          runAsUser: 1000
+          runAsGroup: 0
+          capabilities:
+            drop:
+            - ALL