Summary
The k8s sample manifest (k8s/nemoclaw-k8s.yaml) ships with permissive defaults that should be tightened for security.
Background
This was identified during cleanup of PR #1217 (fix(security): harden gateway auth defaults and restrict auto-pair). The now-closed PR #1149 by @13ernkastel included k8s hardening work alongside auth changes. The auth portion was superseded by #1217, but the k8s hardening was independent and not covered by any merged PR.
Issue #803 tracks the missing seccomp profile specifically, but the full scope of k8s manifest hardening is broader.
What needs to change
Pod-level
- automountServiceAccountToken: false — pod does not need k8s API access
- enableServiceLinks: false — prevent service env var injection (information leak surface)
Workspace container security context
- allowPrivilegeEscalation: false
- capabilities.drop: [ALL]
- seccompProfile.type: RuntimeDefault
Credential handling
- COMPATIBLE_API_KEY should be loaded from an optional Secret (nemoclaw-compatible-api-key) with a dummy fallback for unauthenticated endpoints (Dynamo/vLLM), instead of hardcoding "dummy" inline
- NEMOCLAW_POLICY_MODE should default to "suggested" instead of "skip"
Installer download
- Replace curl ... | bash with download-then-execute pattern (curl --proto =https --tlsv1.2 → file → chmod 700 → execute)
Documentation
- Update k8s/README.md with Secret setup instructions and updated config table
Related
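The checklist above, collected into one Pod spec as an added example (not the project's manifest and not taken from PR #1149). The Pod name, image, Secret key name `api-key`, the `INSTALLER_URL` variable and its placeholder value, and the shell entrypoint are assumptions for illustration; the image is assumed to ship `sh` and `curl`.

```yaml
apiVersion: v1
kind: Pod
metadata:
  name: nemoclaw-example                  # assumed name
spec:
  automountServiceAccountToken: false     # no k8s API token mounted into the pod
  enableServiceLinks: false               # no *_SERVICE_HOST / *_PORT env injection
  containers:
    - name: workspace
      image: registry.example.invalid/workspace:placeholder   # placeholder image
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
        seccompProfile:
          type: RuntimeDefault
      env:
        - name: COMPATIBLE_API_KEY
          valueFrom:
            secretKeyRef:
              name: nemoclaw-compatible-api-key
              key: api-key                # assumed key name inside the Secret
              optional: true              # pod still starts when the Secret is absent
        - name: NEMOCLAW_POLICY_MODE
          value: "suggested"              # instead of "skip"
        - name: INSTALLER_URL             # assumed variable, placeholder URL
          value: "https://installer.example.invalid/install.sh"
      command: ["/bin/sh", "-c"]
      args:
        - |
          set -eu
          # With optional: true the variable is simply unset when the Secret
          # does not exist, so the dummy fallback (unauthenticated endpoints
          # such as Dynamo/vLLM) is applied here rather than hardcoded in env.
          export COMPATIBLE_API_KEY="${COMPATIBLE_API_KEY:-dummy}"
          # Download-then-execute: a failed or truncated transfer stops the
          # script (-f plus set -e) before anything is run.
          installer="$(mktemp)"
          curl --proto '=https' --tlsv1.2 -fsSL -o "$installer" "$INSTALLER_URL"
          chmod 700 "$installer"
          "$installer"
```

With this layout, operators who need a real key create the `nemoclaw-compatible-api-key` Secret before applying the manifest; everyone else gets the fallback without editing the YAML.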