chore: add runAsNonRoot for the pods that don't require it

enix · Jan 18, 2024 · 525fa9b · 525fa9b
1 parent 5e15073
commit 525fa9b
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/deploy/charts/x509-certificate-exporter/values.yaml b/deploy/charts/x509-certificate-exporter/values.yaml
@@ -91,7 +91,8 @@ secretsExporter:
   # -- Annotations added to Pods of the TLS Secrets exporter
   podAnnotations: {}
   # -- PodSecurityContext for Pods of the TLS Secrets exporter
-  podSecurityContext: {}
+  podSecurityContext:
+    runAsNonRoot: true
   # -- SecurityContext for containers of the TLS Secrets exporter
   # @default -- check `values.yaml`
   securityContext:
@@ -359,6 +360,7 @@ rbacProxy:
   securityContext:
     runAsUser: 65534
     runAsGroup: 65534
+    runAsNonRoot: true
     readOnlyRootFilesystem: true
     capabilities:
       drop: