From 0518a5129a1b3a23e8a524f241386949da1b024b Mon Sep 17 00:00:00 2001
From: Remi  PLANEL <rplanel@pasteur.fr>
Date: Thu, 10 Apr 2025 16:42:00 +0200
Subject: [PATCH] configure security context for db

---
 charts/supabase/values.yaml | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/charts/supabase/values.yaml b/charts/supabase/values.yaml
index feeab94..5eddc13 100644
--- a/charts/supabase/values.yaml
+++ b/charts/supabase/values.yaml
@@ -107,15 +107,17 @@ db:
     # If not set and create is true, a name is generated using the fullname template
     name: ""
   podAnnotations: {}
-  podSecurityContext: {}
-    # fsGroup: 2000
-  securityContext: {}
+  podSecurityContext:
+    enabled: true
+    fsGroup: 106
+    runAsNonRoot: true
+  securityContext:
     # capabilities:
     #   drop:
     #   - ALL
-    # readOnlyRootFilesystem: true
-    # runAsNonRoot: true
-    # runAsUser: 1000
+      enabled: true
+      runAsUser: 105
+      runAsNonRoot: true
   service:
     type: ClusterIP
     port: 5432
-- 
GitLab