Merge pull request #129 from wkbrd/wkbrd-security-patch

canterberry · web-flow · commit 013c0af45a46 · 2024-05-13T09:44:29.000-07:00
Wkbrd security patch
diff --git a/values.yaml b/values.yaml
@@ -155,11 +155,25 @@ configData:
       threshold: 3
 
 containerSecurityContext:
-  enabled: false
+  enabled: true
+  seLinuxOptions: {}
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - ALL
+  privileged: false
+  readOnlyRootFilesystem: true
+  runAsUser: 1000
+  runAsGroup: 1000
+  runAsNonRoot: true
+  seccompProfile:
+    type: RuntimeDefault
 
 securityContext:
   enabled: true
-  runAsUser: 1000
+  fsGroupChangePolicy: Always
+  sysctls: []
+  supplementalGroups: []
   fsGroup: 1000
 
 priorityClassName: ""
