From 2703b008de25c41d220be0db2875653ab124ce36 Mon Sep 17 00:00:00 2001
From: Tomislav Mikulin
Date: Mon, 10 Jan 2022 20:52:45 +0100
Subject: [PATCH] Enforce security in k8 files
---
 k8s/mev-inspect-workers/values.yaml | 13 +++++++------
 k8s/mev-inspect/values.yaml | 16 +++++++++-------
 2 files changed, 16 insertions(+), 13 deletions(-)
diff --git a/k8s/mev-inspect-workers/values.yaml b/k8s/mev-inspect-workers/values.yaml
index f7ead0e..ed270af 100644
--- a/k8s/mev-inspect-workers/values.yaml
+++ b/k8s/mev-inspect-workers/values.yaml
@@ -17,13 +17,14 @@ podAnnotations: {}
 podSecurityContext: {}
 # fsGroup: 2000
-securityContext: {}
- # capabilities:
- # drop:
- # - ALL
+securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
 # readOnlyRootFilesystem: true
- # runAsNonRoot: true
- # runAsUser: 1000
+ runAsNonRoot: true
+ runAsUser: 1000
 resources: {}
 # We usually recommend not to specify default resources and to leave this as a conscious
diff --git a/k8s/mev-inspect/values.yaml b/k8s/mev-inspect/values.yaml
index 11140f9..e9b0ec5 100644
--- a/k8s/mev-inspect/values.yaml
+++ b/k8s/mev-inspect/values.yaml
@@ -17,13 +17,15 @@ podAnnotations: {}
 podSecurityContext: {}
 # fsGroup: 2000
-securityContext: {}
- # capabilities:
- # drop:
- # - ALL
- # readOnlyRootFilesystem: true
- # runAsNonRoot: true
- # runAsUser: 1000
+securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ #readOnlyRootFilesystem: true
+ runAsNonRoot: true
+ runAsUser: 1000
+
 resources: {}
 # We usually recommend not to specify default resources and to leave this as a conscious
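Review bot: `readOnlyRootFilesystem: true` is still commented out inside the new `securityContext` in k8s/mev-inspect-workers/values.yaml, so the container's root filesystem stays writable after this hardening pass; the same setting stays disabled (as `#readOnlyRootFilesystem: true`) in k8s/mev-inspect/values.yaml. If the workload needs scratch space, I would enable the setting and mount an `emptyDir` at the paths that must be writable; otherwise record why it is off with a comment such as `# readOnlyRootFilesystem left off: <reason>`. Neither hunk shows whether the chart templates render `.Values.securityContext` into the container spec, or whether the image can run as UID 1000 with `runAsNonRoot: true`, so both are worth confirming before relying on these values.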
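Review bot: The dropped capability is spelled `- all` in k8s/mev-inspect/values.yaml but `- ALL` in k8s/mev-inspect-workers/values.yaml. A container runtime may accept either spelling, but admission and policy checks (for example the Pod Security Standards restricted profile) are likely to match the literal `ALL`, so I would write `- ALL` in both files; verify against the admission setup in use. This hunk also adds a trailing blank line and writes `#readOnlyRootFilesystem` without a space after `#`, unlike the workers file; keeping the two blocks identical makes later audits of the hardening easier.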