1Password/onepassword-operator
1
0
Fork 0
mirror of https://github.com/1Password/onepassword-operator.git synced 2025-10-22 07:28:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add runAsNonRoot: true and allowPrivilegeEscalation: false to the specs

Browse Source 
Signed-off-by: Volodymyr Zotov <volodymyr.zotov@gmail.com>
This commit is contained in:
Volodymyr Zotov
2023-02-28 15:59:17 -06:00
parent ea8773bfee
commit 702974f750
3 changed files with 10 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
config/connect/deployment.yaml
View File

@@ -12,6 +12,8 @@ spec:
app: onepassword-connect app: onepassword-connect
version: "1.0.0" version: "1.0.0"
spec: spec:
securityContext:
runAsNonRoot: true
volumes: volumes:
- name: shared-data - name: shared-data
emptyDir: {} emptyDir: {}
@@ -32,6 +34,8 @@ spec:
containers: containers:
- name: connect-api - name: connect-api
image: 1password/connect-api:latest image: 1password/connect-api:latest
securityContext:
allowPrivilegeEscalation: false
resources: resources:
limits: limits:
memory: "128Mi" memory: "128Mi"
@@ -49,6 +53,8 @@ spec:
name: shared-data name: shared-data
- name: connect-sync - name: connect-sync
image: 1password/connect-sync:latest image: 1password/connect-sync:latest
securityContext:
allowPrivilegeEscalation: false
resources: resources:
limits: limits:
memory: "128Mi" memory: "128Mi"

2
config/default/manager_auth_proxy_patch.yaml
View File

@@ -8,6 +8,8 @@ metadata:
spec: spec:
template: template:
spec: spec:
securityContext:
runAsNonRoot: true
containers: containers:
- name: kube-rbac-proxy - name: kube-rbac-proxy
securityContext: securityContext:

2
config/default/manager_config_patch.yaml
View File

@@ -6,6 +6,8 @@ metadata:
spec: spec:
template: template:
spec: spec:
securityContext:
runAsNonRoot: true
containers: containers:
- name: manager - name: manager
args: args: