change(template): Set security context by default to restrictive values
parent
0b48a5a0ab
commit
2bc1d19ee1
|
@ -2,7 +2,7 @@ apiVersion: v2
|
|||
name: template
|
||||
description: A Helm library chart containing common templates, keeping application templates short
|
||||
type: library
|
||||
version: 0.3.3
|
||||
version: 0.4.0
|
||||
maintainers:
|
||||
- name: Jim Martens
|
||||
url: https://2martens.de
|
||||
|
@ -10,10 +10,8 @@ sources:
|
|||
- https://github.com/2martens/cloud-configuration
|
||||
annotations:
|
||||
artifacthub.io/changes: |
|
||||
- kind: fixed
|
||||
description: Added missing permission to leader role
|
||||
- kind: fixed
|
||||
description: Bind correct role
|
||||
- kind: changed
|
||||
description: Harden by default
|
||||
artifacthub.io/signKey: |
|
||||
fingerprint: F0F153B65BAD467201D7544E47393ABD1F96B7C8
|
||||
url: https://mafiasi.de/pks/key/47393ABD1F96B7C8.asc
|
||||
|
|
|
@ -39,7 +39,13 @@ podSecurityContext: {}
|
|||
# fsGroup: 2000
|
||||
|
||||
# Configure security context of the application container
|
||||
securityContext: {}
|
||||
securityContext:
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
capabilities:
|
||||
drop: ['ALL']
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
# capabilities:
|
||||
# drop:
|
||||
# - ALL
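Review bot: The new default `securityContext` omits `runAsNonRoot: true`, so a container whose image user is root still starts as UID 0. The Kubernetes Pod Security Standards "restricted" profile requires it alongside the `allowPrivilegeEscalation: false`, `drop: ['ALL']` and `seccompProfile` settings added here. The hunk header shows `podSecurityContext: {}`, so it does not appear to be set at pod level either; consider adding `runAsNonRoot: true` under `securityContext:`. The commented `# capabilities:` / `# drop:` / `# - ALL` example left below the new block now duplicates the active setting and can be removed. Since `readOnlyRootFilesystem: true` is now the default, a comment such as `# mount an emptyDir for any path the application writes to (e.g. /tmp)` would help chart users; the values file continues outside this hunk.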
|
||||
|
|