Skip to content

Commit

Permalink
run kubernetes deployment as non root
Browse files Browse the repository at this point in the history
Signed-off-by: Chmouel Boudjnah <[email protected]>
  • Loading branch information
chmouel committed Sep 11, 2024
1 parent c5f9cab commit aba2057
Show file tree
Hide file tree
Showing 2 changed files with 9 additions and 2 deletions.
2 changes: 1 addition & 1 deletion Dockerfile
Original file line number Diff line number Diff line change
Expand Up @@ -10,5 +10,5 @@ RUN microdnf -y update && microdnf -y --nodocs install tar rsync shadow-utils &&
COPY --from=0 /tmp/gosmee /usr/local/bin/gosmee

WORKDIR /home/gosmee
USER gosmee
USER 1001
ENTRYPOINT ["/usr/local/bin/gosmee"]
9 changes: 8 additions & 1 deletion misc/kubernetes-deployment.yaml
Original file line number Diff line number Diff line change
@@ -1,4 +1,3 @@
---
apiVersion: apps/v1
kind: Deployment
metadata:
Expand Down Expand Up @@ -27,3 +26,11 @@ spec:
"https://yousmee.url",
"http://deployment.name.namespace.name:PORT_OF_SERVICE",
]
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault

0 comments on commit aba2057

Please sign in to comment.