From a9f6074014de2aa8f171cdc74d4136cde99c4bf7 Mon Sep 17 00:00:00 2001
From: Remi  PLANEL <rplanel@pasteur.fr>
Date: Thu, 10 Apr 2025 18:13:24 +0200
Subject: [PATCH] set securityContext

---
 charts/supabase/values.yaml | 37 +++++++++++++++++++++----------------
 1 file changed, 21 insertions(+), 16 deletions(-)

diff --git a/charts/supabase/values.yaml b/charts/supabase/values.yaml
index 76b7f40..27900a1 100644
--- a/charts/supabase/values.yaml
+++ b/charts/supabase/values.yaml
@@ -195,15 +195,16 @@ studio:
     # If not set and create is true, a name is generated using the fullname template
     name: ""
   podAnnotations: {}
-  podSecurityContext: {}
+  podSecurityContext:
+    runAsUser: 1000
     # fsGroup: 2000
-  securityContext: {}
+  securityContext:
     # capabilities:
     #   drop:
     #   - ALL
     # readOnlyRootFilesystem: true
     # runAsNonRoot: true
-    # runAsUser: 1000
+    runAsUser: 1000
   service:
     type: ClusterIP
     port: 3000
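Review bot: `runAsNonRoot: true` is still commented out in this studio hunk, and likewise in the analytics, vector and functions hunks; only the realtime hunk enables it. Without it, nothing rejects a container that ends up as UID 0 because a values override or a later edit changes or drops `runAsUser`, whereas with it the kubelet refuses to start such a container. Uncomment the line in all four sections so the five components agree: `runAsNonRoot: true`. The `studio:` mapping starts and continues outside the hunk.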
@@ -448,15 +449,16 @@ realtime:
     # If not set and create is true, a name is generated using the fullname template
     name: ""
   podAnnotations: {}
-  podSecurityContext: {}
+  podSecurityContext:
+    runAsUser: 65534
     # fsGroup: 2000
-  securityContext: {}
+  securityContext:
     # capabilities:
     #   drop:
     #   - ALL
     # readOnlyRootFilesystem: true
-    # runAsNonRoot: true
-    # runAsUser: 1000
+    runAsNonRoot: true
+    runAsUser: 65534
   service:
     type: ClusterIP
     port: 4000
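Review bot: Neither `podSecurityContext` nor `securityContext` sets `runAsGroup` here, so the process runs as UID 65534 but keeps the image's default primary group, which is commonly root (0); the same holds for the studio, analytics, vector and functions hunks. Add `runAsGroup: 65534` (`1000` for studio) next to `runAsUser`. Separately, assuming the templates render these two keys into the pod and container specs as their names suggest, `runAsUser` is now set at both levels and the container-level value wins. An operator who overrides only `podSecurityContext.runAsUser` would then see no effect, so keep the value in one place or add a comment such as `# container-level runAsUser takes precedence over podSecurityContext`.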
@@ -878,15 +880,16 @@ analytics:
     # If not set and create is true, a name is generated using the fullname template
     name: ""
   podAnnotations: {}
-  podSecurityContext: {}
+  podSecurityContext:
+    runAsUser: 65534
     # fsGroup: 2000
-  securityContext: {}
+  securityContext:
     # capabilities:
     #   drop:
     #   - ALL
     # readOnlyRootFilesystem: true
     # runAsNonRoot: true
-    # runAsUser: 1000
+    runAsUser: 65534
   service:
     type: ClusterIP
     port: 4000
@@ -962,15 +965,16 @@ vector:
     # If not set and create is true, a name is generated using the fullname template
     name: ""
   podAnnotations: {}
-  podSecurityContext: {}
+  podSecurityContext:
+    runAsUser: 65534
     # fsGroup: 2000
-  securityContext: {}
+  securityContext:
     # capabilities:
     #   drop:
     #   - ALL
     # readOnlyRootFilesystem: true
     # runAsNonRoot: true
-    # runAsUser: 1000
+    runAsUser: 65534
   service:
     type: ClusterIP
     port: 9001
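Review bot: Defaulting vector to UID 65534 should be checked against what the pod has to read, which this diff does not show. If the chart's vector template mounts log directories or sockets owned by root, an unprivileged user will fail to open them, and the usual reaction is to set the context back to `{}`. Rendering the chart and running the pod once with these defaults would confirm whether it starts and collects logs. If extra access turns out to be needed, prefer a narrow grant such as a matching `fsGroup` or supplemental group over returning to root, and record the reason in a comment above `runAsUser: 65534`.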
@@ -1029,15 +1033,16 @@ functions:
     # If not set and create is true, a name is generated using the fullname template
     name: ""
   podAnnotations: {}
-  podSecurityContext: {}
+  podSecurityContext:
+    runAsUser: 65534
     # fsGroup: 2000
-  securityContext: {}
+  securityContext:
     # capabilities:
     #   drop:
     #   - ALL
     # readOnlyRootFilesystem: true
     # runAsNonRoot: true
-    # runAsUser: 1000
+    runAsUser: 65534
   service:
     type: ClusterIP
     port: 9000
-- 
GitLab