Update static-error-page-upload-job container to be PSS compliant

Description: - Enforces this container to be compliant when PSS is set to [restricted](https://kubernetes.io/docs/concepts/security/pod-security-standards/) - As part of #1883
alphagov · Oct 4, 2024 · 669cf57 · 669cf57
1 parent d42e649
commit 669cf57
Showing 1 changed file with 7 additions and 2 deletions.
diff --git a/charts/generic-govuk-app/templates/static-error-page-upload-job.yaml b/charts/generic-govuk-app/templates/static-error-page-upload-job.yaml
@@ -32,8 +32,13 @@ spec:
         - name: upload-static-error-pages
           image: 172025368201.dkr.ecr.eu-west-1.amazonaws.com/github/alphagov/govuk/toolbox:latest
           securityContext:
-            allowPrivilegeEscalation: false
-            readOnlyRootFilesystem: true
+            allowPrivilegeEscalation: {{ .Values.securityContext.allowPrivilegeEscalation | default "false" }}
+            runAsNonRoot: {{ .Values.securityContext.runAsNonRoot | default "true" }}
+            readOnlyRootFilesystem: {{ .Values.securityContext.readOnlyRootFilesystem | default "true" }}
+            seccompProfile:
+              type: RuntimeDefault
+            capabilities:
+              drop: ["ALL"]
           env:
             - name: GOVUK_ENVIRONMENT
               value: {{ .Values.govukEnvironment }}