Skip to content

Commit

Permalink
Merge pull request #1507 from alphagov/argo-workflows-server-PSS-rest…
Browse files Browse the repository at this point in the history
…ricted-compliant

Enforce Argo workflow server to be compliant with PSS restricted
  • Loading branch information
nimalank7 authored Nov 15, 2024
2 parents d947169 + c7f9f4a commit 70eaa5c
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions terraform/deployments/cluster-services/argo.tf
Original file line number Diff line number Diff line change
Expand Up @@ -308,6 +308,19 @@ resource "helm_release" "argo_workflows" {
memory = "512Mi"
}
}
podSecurityContext = {
runAsNonRoot = true
seccompProfile = {
type = "RuntimeDefault"
}
}
securityContext = {
readOnlyRootFilesystem = true
allowPrivilegeEscalation = false
capabilities = {
drop = ["ALL"]
}
}
replicas = var.desired_ha_replicas
}
})]
Expand Down

0 comments on commit 70eaa5c

Please sign in to comment.