From 5dc563a59699d77be0fb411c4aa2ee3f928eac9f Mon Sep 17 00:00:00 2001
From: Florencio Cano Gabarda <fcanogab@redhat.com>
Date: Wed, 24 Sep 2025 14:50:35 +0200
Subject: [PATCH] Add security attributes related to root usage to container
 definitions

Signed-off-by: Florencio Cano Gabarda <fcanogab@redhat.com>
---
 deploy/kubernetes/deployment.yaml | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/deploy/kubernetes/deployment.yaml b/deploy/kubernetes/deployment.yaml
index 45ab8e98..5f92b82d 100644
--- a/deploy/kubernetes/deployment.yaml
+++ b/deploy/kubernetes/deployment.yaml
@@ -17,6 +17,9 @@ spec:
       initContainers:
       - name: model-downloader
         image: python:3.11-slim
+        securityContext:
+          runAsNonRoot: true
+          allowPrivilegeEscalation: false
         command: ["/bin/bash", "-c"]
         args:
         - |
@@ -70,6 +73,9 @@ spec:
       containers:
       - name: semantic-router
         image: ghcr.io/vllm-project/semantic-router/extproc:latest
+        securityContext:
+          runAsNonRoot: true
+          allowPrivilegeEscalation: false
         ports:
         - containerPort: 50051
           name: grpc