From a6c7b6f6d639ea52650e772035a5b3bd2bede8cb Mon Sep 17 00:00:00 2001
From: Peter Kurfer
Date: Tue, 7 May 2024 17:43:21 +0200
Subject: [PATCH] feat(vaultwarden): configure security context
---
 vaultwarden/resources/deployment.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/vaultwarden/resources/deployment.yaml b/vaultwarden/resources/deployment.yaml
index d7f922b..ff499bc 100644
--- a/vaultwarden/resources/deployment.yaml
+++ b/vaultwarden/resources/deployment.yaml
@@ -35,6 +35,12 @@ spec:
 volumeMounts:
 - name: data
 mountPath: /data
+ securityContext:
+ allowPrivilegeEscalation: false
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - ALL
 affinity:
 nodeAffinity:
 preferredDuringSchedulingIgnoredDuringExecution:
@@ -49,3 +55,8 @@ spec:
 - name: data
 persistentVolumeClaim:
 claimName: vaultwarden-data
+ securityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ fsGroup: 1000
+ runAsNonRoot: true
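Review bot: With `readOnlyRootFilesystem: true` in the container `securityContext`, the only writable path visible in this hunk is the `/data` mount, so any write the process makes elsewhere (temporary files, for instance) will fail at runtime. If the image needs scratch space, pair this with an `emptyDir` volume mounted at `/tmp`. Dropping `ALL` capabilities also removes `NET_BIND_SERVICE`, and the container's listen port is outside the hunk: if it is below 1024, binding as a non-root user can fail depending on the runtime's unprivileged-port setting, and moving the listener to a high port is preferable to adding the capability back. A comment above the block such as `# hardened: /data is the only writable path` would record the intent for the next maintainer.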
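Review bot: The pod-level `securityContext` sets no seccomp profile, so on clusters where the kubelet's seccomp default is not enabled the pod runs unconfined and would not satisfy the Pod Security Standards `restricted` profile. Add `seccompProfile:` with `type: RuntimeDefault` next to `runAsNonRoot: true`. `fsGroup: 1000` makes the kubelet adjust ownership of the `vaultwarden-data` volume on every mount, which slows pod start as the data grows; `fsGroupChangePolicy: OnRootMismatch` limits that to volumes whose root has the wrong ownership. Whether the image runs correctly as UID 1000 against a volume previously written by another user is not visible here and should be confirmed before rollout.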