Description The CleanStart Rancher-Fleet-Agent image provides a production-ready, security-hardened container optimized for enterprise environments. Built on a minimal base OS with comprehensive security hardening, this image delivers reliable application execution with advanced security features.
Application Server Run application with port forwarding
bash docker run -d --name rancher-fleet-agent-app \
-p 8000:8000 \
-v $(pwd):/app \
-w /app \
clnstrt-images.clnstrt.com/$ORGANIZATION/rancher-fleet-agent:latestEnvironment Variables Configuration options available through environment variables
PATH System PATH configuration /usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/binSecurity Best Practices Recommended security configurations and practices
Use specific image tags for production (avoid latest) Configure resource limits: memory and CPU constraints Enable read-only root filesystem when possible Run containers with non-root user (--user 1000:1000) Use --security-opt=no-new-privileges flag Regularly update container images for security patches Implement proper network segmentation Monitor container metrics for anomalies Kubernetes Security Context Recommended security context for Kubernetes deployments
yaml securityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
capabilities:
drop: ['ALL']Documentation Resources Essential links and resources for further information