From bccd6bda72609ca2504ef7a0324c764840d1d3b0 Mon Sep 17 00:00:00 2001
From: David Bauer <david.bauer@open-xchange.com>
Date: Tue, 1 Feb 2022 09:06:38 +0100
Subject: [PATCH] Add default security context

---
 helm/core-manifest-service/Chart.yaml  |  2 +-
 helm/core-manifest-service/values.yaml | 24 ++++++++++++++----------
 2 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/helm/core-manifest-service/Chart.yaml b/helm/core-manifest-service/Chart.yaml
index d010df4..082cc6a 100644
--- a/helm/core-manifest-service/Chart.yaml
+++ b/helm/core-manifest-service/Chart.yaml
@@ -15,7 +15,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 2.0.1
+version: 2.0.2
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
diff --git a/helm/core-manifest-service/values.yaml b/helm/core-manifest-service/values.yaml
index 5723d6f..83eb51d 100644
--- a/helm/core-manifest-service/values.yaml
+++ b/helm/core-manifest-service/values.yaml
@@ -30,16 +30,20 @@ serviceAccount:
 podAnnotations:
   logging.open-xchange.com/format: "appsuite-json"
 
-podSecurityContext: {}
-  # fsGroup: 2000
-
-securityContext: {}
-  # capabilities:
-  #   drop:
-  #   - ALL
-  # readOnlyRootFilesystem: true
-  # runAsNonRoot: true
-  # runAsUser: 1000
+podSecurityContext:
+  runAsNonRoot: true
+  runAsUser: 1000
+  runAsGroup: 1000
+
+securityContext:
+  runAsNonRoot: true
+  runAsUser: 1000
+  runAsGroup: 1000
+  allowPrivilegeEscalation: false
+  readOnlyRootFilesystem: true
+  capabilities:
+    drop:
+      - ALL
 
 service:
   type: ClusterIP
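Review bot: The new `podSecurityContext` and `securityContext` defaults set no seccomp profile, so unless the cluster applies one by default the containers run without seccomp filtering, and the pod would not meet the Kubernetes "restricted" Pod Security Standard despite the other settings. Adding `seccompProfile:` with `type: RuntimeDefault` under `podSecurityContext` would close that gap. `readOnlyRootFilesystem: true` is now on by default, and this hunk does not show whether the templates mount a writable volume for any path the service writes to (for example a temp directory), so that should be confirmed. The `runAsNonRoot`/`runAsUser`/`runAsGroup` values are repeated in both blocks, and container-level values override pod-level ones, so a short comment such as `# container-level values take precedence over podSecurityContext` would help anyone who overrides only one of them.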
-- 
GitLab