fix security context helm chart

eumel8 · Oct 31, 2023 · ceb453c · ceb453c
1 parent e4e715d
commit ceb453c
Show file tree

Hide file tree

Showing 3 changed files with 14 additions and 2 deletions.
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
@@ -3,7 +3,7 @@ appVersion: 0.7.5
 description: Kubernetes Operator for OTC RDS
 name: otc-rds-operator
 type: application
-version: 0.7.5
+version: 0.7.6
 sources:
   - https://github.com/eumel8/otc-rds-operator
 icon: https://raw.githubusercontent.com/eumel8/otc-rds-operator/master/otc-rds-operator.png

diff --git a/chart/templates/deployment.yaml b/chart/templates/deployment.yaml
@@ -51,3 +51,7 @@ spec:
       nodeSelector:
         {{ toYaml . | nindent 8 }}
       {{ end }}
+      {{- with .Values.podSecurityContext }}
+      securityContext:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
@@ -88,11 +88,19 @@ resources:
     cpu: 500m
     memory: 512Mi
 
+podSecurityContext:
+  fsGroup: 1000
+  supplementalGroups:
+  - 1000
 securityContext:
   allowPrivilegeEscalation: false
-  capabilities: {}
+  capabilities:
+    drop:
+    - ALL
   privileged: false
+  readOnlyRootFilesystem: true
   runAsNonRoot: true
   runAsUser: 1000
+  runAsGroup: 1000
 
 nodeSelector: {}