Merge pull request #38 from score-spec/postgre-securitycontext
`postgres:17-alpine` + `securityContext`
mathieu-benoit authored Oct 9, 2024
2 parents e2d158b + 83cb05e commit c79bb32
Showing 1 changed file with 17 additions and 1 deletion.
18 changes: 17 additions & 1 deletion internal/provisioners/default/zz-default.provisioners.yaml
Expand Up @@ -182,13 +182,16 @@
k8s.score.dev/resource-uid: {{ .Uid }}
k8s.score.dev/resource-guid: {{ .Guid }}
spec:
automountServiceAccountToken: false
containers:
- name: postgres-db
image: postgres:16
image: postgres:17-alpine
ports:
- name: postgres
containerPort: 5432
env:
- name: PGDATA
value: /var/lib/postgresql/data/pgdata
- name: POSTGRES_USER
value: {{ .State.username | quote }}
- name: POSTGRES_PASSWORD
Expand All @@ -201,6 +204,14 @@
volumeMounts:
- name: pv-data
mountPath: /var/lib/postgresql/data
securityContext:
runAsUser: 1000
runAsGroup: 1000
allowPrivilegeEscalation: false
privileged: false
capabilities:
drop:
- ALL
readinessProbe:
exec:
command:
Expand All @@ -210,6 +221,11 @@
- -d
- {{ .State.database | quote }}
periodSeconds: 3
securityContext:
runAsNonRoot: true
fsGroup: 1000
seccompProfile:
type: RuntimeDefault
volumeClaimTemplates:
- metadata:
name: pv-data
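Review bot: The new container `securityContext` (the block added after `volumeMounts` in the second hunk) leaves the root filesystem writable, so a process that gains code execution in the Postgres container can still modify files in the image even though capabilities are dropped and privilege escalation is blocked. Adding `readOnlyRootFilesystem: true` would close that gap, but Postgres still needs writable paths outside the data volume — presumably `/var/run/postgresql` for its socket and lock file and `/tmp` for the entrypoint — so each would need an `emptyDir` mount. The pod-level `volumes` list is not visible in these hunks, so the sketch below assumes none exists yet. It should be tested against the `postgres:17-alpine` image running as UID 1000 before it is adopted.

```yaml
volumeMounts:
  # … unchanged: pv-data mount …
  - name: run
    mountPath: /var/run/postgresql
  - name: tmp
    mountPath: /tmp
securityContext:
  # … unchanged: runAsUser, runAsGroup, allowPrivilegeEscalation, privileged, capabilities …
  readOnlyRootFilesystem: true
# … unchanged: readinessProbe, pod-level securityContext …
# pod spec level, alongside the pod securityContext:
volumes:
  - name: run
    emptyDir: {}
  - name: tmp
    emptyDir: {}
```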
