From 2584bec199be3891fd7846c65dbcbe0ed8f62c8c Mon Sep 17 00:00:00 2001
From: Remi PLANEL <rplanel@pasteur.fr>
Date: Thu, 10 Apr 2025 17:33:51 +0200
Subject: [PATCH] configure security context for some services
---
 charts/supabase/values.yaml | 24 ++++++++++++++----------
 1 file changed, 14 insertions(+), 10 deletions(-)
diff --git a/charts/supabase/values.yaml b/charts/supabase/values.yaml
index 5eddc13..78a65ec 100644
--- a/charts/supabase/values.yaml
+++ b/charts/supabase/values.yaml
@@ -270,7 +270,8 @@ auth:
 # If not set and create is true, a name is generated using the fullname template
 name: ""
 podAnnotations: {}
- podSecurityContext: {}
+ podSecurityContext:
+ runAsUser: 1000
 # fsGroup: 2000
 securityContext:
 # capabilities:
@@ -529,15 +530,16 @@ meta:
 # If not set and create is true, a name is generated using the fullname template
 name: ""
 podAnnotations: {}
- podSecurityContext: {}
+ podSecurityContext:
+ runAsUser: 1000
 # fsGroup: 2000
- securityContext: {}
+ securityContext:
 # capabilities:
 # drop:
 # - ALL
 # readOnlyRootFilesystem: true
 # runAsNonRoot: true
- # runAsUser: 1000
+ runAsUser: 1000
 service:
 type: ClusterIP
 port: 8080
@@ -604,15 +606,16 @@ storage:
 # If not set and create is true, a name is generated using the fullname template
 name: ""
 podAnnotations: {}
- podSecurityContext: {}
+ podSecurityContext:
+ runAsUser: 1000
 # fsGroup: 2000
- securityContext: {}
+ securityContext:
 # capabilities:
 # drop:
 # - ALL
 # readOnlyRootFilesystem: true
 # runAsNonRoot: true
- # runAsUser: 1000
+ runAsUser: 1000
 service:
 type: ClusterIP
 port: 5000
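Review bot: In the meta hunk the container `securityContext` now pins `runAsUser: 1000` but leaves `runAsNonRoot: true`, `capabilities.drop: [ALL]` and `readOnlyRootFilesystem: true` commented out, so a later override of the UID to 0 is not rejected and nothing stops the process gaining privileges through a setuid binary; the storage and kong hunks have the same shape. I would at least uncomment `runAsNonRoot: true` and add `allowPrivilegeEscalation: false` beside the new `runAsUser` line, and enable the capability drop for each service once it is confirmed to start without them. The same UID is also written into `podSecurityContext`, which the container-level value overrides, so one of the two is redundant and the pair can drift apart. The auth hunk's `securityContext` block continues outside the hunk, so whether it has the same gap cannot be judged from here.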
@@ -779,15 +782,16 @@ kong:
 # If not set and create is true, a name is generated using the fullname template
 name: ""
 podAnnotations: {}
- podSecurityContext: {}
+ podSecurityContext:
+ runAsUser: 100
 # fsGroup: 2000
- securityContext: {}
+ securityContext:
 # capabilities:
 # drop:
 # - ALL
 # readOnlyRootFilesystem: true
 # runAsNonRoot: true
- # runAsUser: 1000
+ runAsUser: 100
 service:
 type: ClusterIP
 port: 8000
-- GitLab
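Review bot: The kong hunk sets `runAsUser: 100` in both `podSecurityContext` and `securityContext` while auth, meta and storage use 1000, and nothing on the page explains the difference. A comment above the value, for example `# UID of the kong user in the image; keep in sync with kong.image`, would keep a later edit from aligning it to 1000 and breaking file access in the container. That rationale is inferred from the value alone, so confirm the UID against the image actually deployed. No `runAsGroup` is set in any of the four hunks either, so it is worth checking that the resulting primary group is not 0.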