change(template): Set security context by default to restrictive values

helm/template/Chart.yaml

@@ -2,7 +2,7 @@ apiVersion: v2
 name: template
 description: A Helm library chart containing common templates, keeping application templates short
 type: library
-version: 0.3.3
+version: 0.4.0
 maintainers:
   - name: Jim Martens
     url: https://2martens.de
@@ -10,10 +10,8 @@ sources:
   - https://github.com/2martens/cloud-configuration
 annotations:
   artifacthub.io/changes: |
-    - kind: fixed
-      description: Added missing permission to leader role
-    - kind: fixed
-      description: Bind correct role
+    - kind: changed
+      description: Harden by default
   artifacthub.io/signKey: |
     fingerprint: F0F153B65BAD467201D7544E47393ABD1F96B7C8
     url: https://mafiasi.de/pks/key/47393ABD1F96B7C8.asc

helm/template/_values.yaml

@@ -39,7 +39,13 @@ podSecurityContext: {}
   # fsGroup: 2000
 
 # Configure security context of the application container
-securityContext: {}
+securityContext:
+  seccompProfile:
+    type: RuntimeDefault
+  capabilities:
+    drop: ['ALL']
+  allowPrivilegeEscalation: false
+  readOnlyRootFilesystem: true
 #   capabilities:
 #     drop:
 #     - ALL