Enforce security in k8 files

2022-01-10 20:52:45 +01:00 · 2022-01-10 20:52:45 +01:00 · 2703b008de
commit 2703b008de
parent a29b12bf0a
2 changed files with 16 additions and 13 deletions
--- a/k8s/mev-inspect-workers/values.yaml
+++ b/k8s/mev-inspect-workers/values.yaml
@ -17,13 +17,14 @@ podAnnotations: {}
 podSecurityContext: {}
  # fsGroup: 2000

-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
+securityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+    - ALL
  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
+  runAsNonRoot: true
+  runAsUser: 1000

 resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious
--- a/k8s/mev-inspect/values.yaml
+++ b/k8s/mev-inspect/values.yaml
@ -17,13 +17,15 @@ podAnnotations: {}
 podSecurityContext: {}
  # fsGroup: 2000

-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
+securityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - all
+  #readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  runAsUser: 1000
+

 resources: {}
  # We usually recommend not to specify default resources and to leave this as a conscious