From 639c80fe211b94b308e22c0e08a82e33a436ce96 Mon Sep 17 00:00:00 2001 From: Mathias Pius Date: Sat, 31 Aug 2024 20:48:48 +0200 Subject: [PATCH] Fix non-root deployment --- deploy/deployment.yaml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/deploy/deployment.yaml b/deploy/deployment.yaml index d744135..1dacab7 100644 --- a/deploy/deployment.yaml +++ b/deploy/deployment.yaml @@ -15,6 +15,10 @@ spec: labels: app.kubernetes.io/name: datavirke spec: + securityContext: + runAsUser: 1252 + runAsGroup: 1252 + fsGroup: 1252 containers: - name: web image: registry.kronform.pius.dev/datavirke.dk/datavirke.dk:main @@ -26,7 +30,7 @@ spec: allowPrivilegeEscalation: false capabilities: drop: ["ALL"] - runAsNonRoot: false + runAsNonRoot: true seccompProfile: type: RuntimeDefault ---