Update security context to allow frontend pod to start (#6)
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/push Build is passing
Details
Reviewed-on: #6 Reviewed-by: Yurii Vlasov <yuriy@vlasov.pro> Co-authored-by: r1cebank <siyuangao@pm.me> Co-committed-by: r1cebank <siyuangao@pm.me>
This commit is contained in:
parent
1e81af0512
commit
f9b22567c9
|
@ -10,7 +10,7 @@ description: |-
|
||||||
the high alpine areas of the Andes and a relative of the llama.
|
the high alpine areas of the Andes and a relative of the llama.
|
||||||
annotations:
|
annotations:
|
||||||
category: TaskTracker
|
category: TaskTracker
|
||||||
version: 0.1.3
|
version: 0.1.4
|
||||||
appVersion: 0.20.4
|
appVersion: 0.20.4
|
||||||
kubeVersion: ">= 1.19"
|
kubeVersion: ">= 1.19"
|
||||||
dependencies:
|
dependencies:
|
||||||
|
|
|
@ -61,7 +61,7 @@ api:
|
||||||
config:
|
config:
|
||||||
database:
|
database:
|
||||||
# Use PostgreSQL database anyway
|
# Use PostgreSQL database anyway
|
||||||
type: postgresql
|
type: postgres
|
||||||
envFrom:
|
envFrom:
|
||||||
# Bind env variables from the secret
|
# Bind env variables from the secret
|
||||||
- name: VIKUNJA_DATABASE_USER
|
- name: VIKUNJA_DATABASE_USER
|
||||||
|
|
|
@ -39,12 +39,14 @@ frontend:
|
||||||
# fsGroup: 1000
|
# fsGroup: 1000
|
||||||
|
|
||||||
securityContext:
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
runAsUser: 101 # nginx
|
||||||
capabilities:
|
capabilities:
|
||||||
drop:
|
drop:
|
||||||
- ALL
|
- ALL
|
||||||
# readOnlyRootFilesystem: true
|
add:
|
||||||
# runAsNonRoot: true
|
- NET_BIND_SERVICE
|
||||||
# runAsUser: 1000
|
|
||||||
|
|
||||||
service:
|
service:
|
||||||
type: ClusterIP
|
type: ClusterIP
|
||||||
|
|
Loading…
Reference in New Issue