diff --git a/vaultwarden/resources/deployment.yaml b/vaultwarden/resources/deployment.yaml
index d7f922b..ff499bc 100644
--- a/vaultwarden/resources/deployment.yaml
+++ b/vaultwarden/resources/deployment.yaml
@@ -35,6 +35,12 @@ spec:
 volumeMounts:
 - name: data
 mountPath: /data
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
 affinity:
 nodeAffinity:
 preferredDuringSchedulingIgnoredDuringExecution:
@@ -49,3 +55,8 @@ spec:
 - name: data
 persistentVolumeClaim:
 claimName: vaultwarden-data
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ runAsNonRoot: true
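Review bot: `readOnlyRootFilesystem: true` is applied to the container while the only writable mount visible in this hunk is `/data`, so any write the image makes elsewhere (typically `/tmp`) will fail at runtime. The container spec starts above the hunk; if it has no other mounts, add an `emptyDir` volume mounted at `/tmp` rather than relaxing the flag. Also confirm the listening port: with all capabilities dropped and the non-root UID set in the second hunk, binding a port below 1024 depends on the node's unprivileged-port setting, so configuring a high port is the safer choice than re-adding `NET_BIND_SERVICE`.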
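Review bot: The pod-level `securityContext` added at the end of the spec sets no seccomp profile, so the containers run with whatever the node default is, which is unconfined unless the kubelet is configured otherwise. Adding `seccompProfile:` with `type: RuntimeDefault` next to `runAsNonRoot: true` covers this, and the Pod Security "restricted" profile requires it alongside the settings this commit already adds. Separately, the switch to UID/GID 1000 relies on `fsGroup: 1000` to make existing files on `vaultwarden-data` accessible; that presumably holds only if the volume driver applies fsGroup ownership, so verify against the existing claim before rollout.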