feat(vaultwarden): configure security context
All checks were successful
Renovate / renovate (push) Successful in 23s
All checks were successful
Renovate / renovate (push) Successful in 23s
This commit is contained in:
parent
73d2ff843d
commit
a6c7b6f6d6
1 changed files with 11 additions and 0 deletions
|
@ -35,6 +35,12 @@ spec:
|
|||
volumeMounts:
|
||||
- name: data
|
||||
mountPath: /data
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
readOnlyRootFilesystem: true
|
||||
capabilities:
|
||||
drop:
|
||||
- ALL
|
||||
affinity:
|
||||
nodeAffinity:
|
||||
preferredDuringSchedulingIgnoredDuringExecution:
|
||||
|
@ -49,3 +55,8 @@ spec:
|
|||
- name: data
|
||||
persistentVolumeClaim:
|
||||
claimName: vaultwarden-data
|
||||
securityContext:
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
fsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
|
|
Loading…
Reference in a new issue