From f9b22567c91cc906f8e8432bf388e39b1163d9f9 Mon Sep 17 00:00:00 2001
From: r1cebank <siyuangao@pm.me>
Date: Thu, 4 May 2023 21:39:43 +0000
Subject: [PATCH] Update security context to allow frontend pod to start (#6)

Reviewed-on: https://kolaente.dev/vikunja/helm-chart/pulls/6
Reviewed-by: Yurii Vlasov <yuriy@vlasov.pro>
Co-authored-by: r1cebank <siyuangao@pm.me>
Co-committed-by: r1cebank <siyuangao@pm.me>
---
 Chart.yaml  | 2 +-
 README.md   | 2 +-
 values.yaml | 8 +++++---
 3 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/Chart.yaml b/Chart.yaml
index d14227e..35491a9 100644
--- a/Chart.yaml
+++ b/Chart.yaml
@@ -10,7 +10,7 @@ description: |-
   the high alpine areas of the Andes and a relative of the llama.
 annotations:
   category: TaskTracker
-version: 0.1.3
+version: 0.1.4
 appVersion: 0.20.4
 kubeVersion: ">= 1.19"
 dependencies:
diff --git a/README.md b/README.md
index 9d12274..62446bf 100644
--- a/README.md
+++ b/README.md
@@ -61,7 +61,7 @@ api:
   config:
     database:
       # Use PostgreSQL database anyway
-      type: postgresql
+      type: postgres
   envFrom:
   # Bind env variables from the secret
   - name: VIKUNJA_DATABASE_USER
diff --git a/values.yaml b/values.yaml
index b8c1d5d..01f286d 100644
--- a/values.yaml
+++ b/values.yaml
@@ -39,12 +39,14 @@ frontend:
     # fsGroup: 1000
 
   securityContext:
+    allowPrivilegeEscalation: false
+    runAsUser: 101 # nginx
     capabilities:
       drop:
       - ALL
-    # readOnlyRootFilesystem: true
-    # runAsNonRoot: true
-    # runAsUser: 1000
+      add:
+      - NET_BIND_SERVICE
+
 
   service:
     type: ClusterIP