From ca1ef28d901c44e2196003745694bd7bc22ed665 Mon Sep 17 00:00:00 2001
From: Dustin Jenkins
Date: Wed, 18 Dec 2024 15:33:00 -0800
Subject: [PATCH] fix: append security constraints for posix mapper postgres
---
 helm/applications/posix-mapper/Chart.yaml | 2 +-
 .../applications/posix-mapper/templates/postgres-deploy.yaml | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/helm/applications/posix-mapper/Chart.yaml b/helm/applications/posix-mapper/Chart.yaml
index bfc79d9..96b939f 100644
--- a/helm/applications/posix-mapper/Chart.yaml
+++ b/helm/applications/posix-mapper/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.2.0
+version: 0.2.1

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/applications/posix-mapper/templates/postgres-deploy.yaml b/helm/applications/posix-mapper/templates/postgres-deploy.yaml
index 6527fde..be17406 100644
--- a/helm/applications/posix-mapper/templates/postgres-deploy.yaml
+++ b/helm/applications/posix-mapper/templates/postgres-deploy.yaml
@@ -13,6 +13,9 @@ spec:
 labels:
 app: posix-mapper-postgres
 spec:
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
 containers:
 - name: postgres
 image: postgres:13
@@ -27,6 +30,8 @@ spec:
 name: postgresinit
 - mountPath: /var/lib/postgresql/data
 name: postgresdb
+ securityContext:
+ allowPrivilegeEscalation: false
 volumes:
 - name: postgresdb
 {{- toYaml .Values.postgresql.storage.spec | nindent 10 }}
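Review bot: The pod-level `securityContext` added under the template `spec:` sets only the seccomp profile, so the user the postgres container runs as is still whatever the image chooses; neither this hunk nor the container-level block in the next one sets `runAsNonRoot` or a numeric `runAsUser`/`fsGroup`. If the aim is to satisfy a restricted pod security policy, consider adding `runAsNonRoot: true` together with a `runAsUser` and `fsGroup` that match the image's postgres account. The right UID has to be confirmed against the image and against the ownership of the volume mounted at `/var/lib/postgresql/data`, since an existing data directory owned by a different user would stop the database from starting. The rest of the pod spec lies outside the hunk.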
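Review bot: The container `securityContext` sets `allowPrivilegeEscalation: false` but leaves the container runtime's default capability set in place, so the postgres process keeps capabilities a database does not need. Adding `capabilities:` with `drop: ["ALL"]` under the same key would close that gap. Whether the image's entrypoint still starts afterwards likely depends on the container running as a non-root user, so this should be tested together with the user settings at pod level. `readOnlyRootFilesystem: true` is also worth evaluating, though postgres needs writable runtime directories and that may require extra `emptyDir` mounts. The container definition begins above this hunk, and any other containers in the pod are not visible from here.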