From afe97b7321fad7712873a377f8bc7f31c01b57f2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bj=C3=B6rn=20Petersen?=
Date: Fri, 27 Dec 2024 22:18:34 +0100
Subject: [PATCH] Add securityContexts

---
 chart/templates/crons.yaml | 8 ++++++++
 chart/templates/sts-update-handler.yaml | 12 ++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/chart/templates/crons.yaml b/chart/templates/crons.yaml
index 861813f..0e80a39 100644
--- a/chart/templates/crons.yaml
+++ b/chart/templates/crons.yaml
@@ -18,6 +18,10 @@ spec:
       template:
         spec:
           restartPolicy: Never
+          securityContext:
+            runAsNonRoot: true
+            seccompProfile:
+              type: RuntimeDefault
           containers:
             - name: app
               image: {{ $.Values.image.app }}:{{ $.Values.appVersion }}
@@ -29,6 +33,10 @@ spec:
                 requests:
                   cpu: 1000m
                   memory: 128Mi
+              securityContext:
+                allowPrivilegeEscalation: false
+                capabilities:
+                  drop: [ ALL ]
               env:
                 - name: DATABASE_PASSWORD
                   valueFrom:
diff --git a/chart/templates/sts-update-handler.yaml b/chart/templates/sts-update-handler.yaml
index e3526c7..c252167 100644
--- a/chart/templates/sts-update-handler.yaml
+++ b/chart/templates/sts-update-handler.yaml
@@ -23,9 +23,17 @@ spec:
         labels:
           app: {{ .Release.Name }}-update-handler
       spec:
+        securityContext:
+          seccompProfile:
+            type: RuntimeDefault
+          runAsNonRoot: true
         initContainers:
           - name: flyway
             image: {{ .Values.image.migrations }}:{{ .Values.appVersion }}
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop: [ ALL ]
             envFrom:
               - configMapRef:
                   name: {{ .Release.Name }}-db
@@ -50,6 +58,10 @@ spec:
                 requests:
                   cpu: 10m
                   memory: 128Mi
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop: [ ALL ]
             env:
               - name: DATABASE_PASSWORD
                 valueFrom:
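Review bot: The pod-level `runAsNonRoot: true` in the first crons.yaml hunk is added without a `runAsUser`, so the kubelet can only honor it if the app image declares a numeric non-root USER; if the image runs as root or names its user symbolically, every CronJob pod fails at container creation (`CreateContainerConfigError`, "container has runAsNonRoot and image will run as root" / "image has non-numeric user") instead of silently degrading. I cannot see the Dockerfile behind `$.Values.image.app`, so either confirm its USER is numeric or pin the identity in the chart, e.g. `runAsUser: 1000` and `runAsGroup: 1000` directly under the new `securityContext:` (plus `fsGroup` if the job writes to a mounted volume). The job template's `spec:` continues outside this hunk.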
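Review bot: In the second crons.yaml hunk, `drop: [ ALL ]` is written in flow style with padding inside the brackets, which yamllint's default `brackets` rule (max-spaces-inside: 0) flags; prefer `drop: [ALL]` or the block form `drop:` / `- ALL`, and apply the same spelling in sts-update-handler.yaml so the two templates stay consistent. The container hardening also stops short of `readOnlyRootFilesystem: true`; if the app does not write into its image filesystem, add it next to `allowPrivilegeEscalation: false`, and if it needs a scratch directory pair it with an `emptyDir` mounted at `/tmp` — I can't tell from the chart which case applies. The `app` container definition begins before this hunk.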
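Review bot: In the first sts-update-handler.yaml hunk the new pod-level `runAsNonRoot: true` now also governs the `flyway` init container, and because an init container that cannot start blocks the whole pod, a migrations image that runs as root (or with a non-numeric USER) would stall the StatefulSet rollout rather than just one job. Please verify `.Values.image.migrations` declares a numeric non-root user, or set `runAsUser`/`runAsGroup` explicitly on the pod or on the init container's `securityContext:` so the behavior does not depend on the image. As a style point, the pod `securityContext` keys here are ordered `seccompProfile` then `runAsNonRoot`, the reverse of crons.yaml; harmless, but worth aligning for diffability. The pod `spec:` continues past the end of this hunk.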
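Review bot: The second sts-update-handler.yaml hunk adds privilege-escalation and capability hardening to a container but leaves its root filesystem writable; `readOnlyRootFilesystem: true` under the same `securityContext:` would close off on-disk tampering at no cost if the process only needs its config and env. The container definition starts outside the hunk, so I cannot tell from here whether this is the flyway init container or the main container, nor whether it writes to `/tmp` — if it does, mount an `emptyDir` there rather than dropping the setting. Either way, the requests/env context around it is unchanged and nothing here conflicts with the Pod Security "restricted" profile.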