feat(vaultwarden): configure security context
All checks were successful
Renovate / renovate (push) Successful in 23s
All checks were successful
Renovate / renovate (push) Successful in 23s
This commit is contained in:
parent
73d2ff843d
commit
a6c7b6f6d6
1 changed files with 11 additions and 0 deletions
|
@ -35,6 +35,12 @@ spec:
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: data
|
- name: data
|
||||||
mountPath: /data
|
mountPath: /data
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
readOnlyRootFilesystem: true
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
affinity:
|
affinity:
|
||||||
nodeAffinity:
|
nodeAffinity:
|
||||||
preferredDuringSchedulingIgnoredDuringExecution:
|
preferredDuringSchedulingIgnoredDuringExecution:
|
||||||
|
@ -49,3 +55,8 @@ spec:
|
||||||
- name: data
|
- name: data
|
||||||
persistentVolumeClaim:
|
persistentVolumeClaim:
|
||||||
claimName: vaultwarden-data
|
claimName: vaultwarden-data
|
||||||
|
securityContext:
|
||||||
|
runAsUser: 1000
|
||||||
|
runAsGroup: 1000
|
||||||
|
fsGroup: 1000
|
||||||
|
runAsNonRoot: true
|
||||||
|
|
Loading…
Reference in a new issue