Merge pull request #2780 from weaveworks/pod-security

Robin Sonefors · web-flow · commit 3977758e0841 · 2022-09-23T18:23:12.000+01:00
Set security context that passes enforce:restricted pod security
diff --git a/charts/gitops-server/values.yaml b/charts/gitops-server/values.yaml
@@ -85,13 +85,16 @@ podAnnotations: {}
 podSecurityContext: {}
 # fsGroup: 2000
 
-securityContext: {}
-# capabilities:
-#   drop:
-#   - ALL
-# readOnlyRootFilesystem: true
-# runAsNonRoot: true
-# runAsUser: 1000
+securityContext:
+  runAsNonRoot: true
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+    - ALL
+  seccompProfile:
+    type: RuntimeDefault
+  runAsUser: 1000
+  readOnlyRootFilesystem: true
 
 service:
   create: true
