studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

🔒(helm) set default security context

Browse Source 
In order to be able to deploy this in a restricted k8s cluster, we set
this default security context.

We set it as default because it doesn't change the way the app runs.

So it is better to be more secured by default.

Signed-off-by: Pierre Ozoux Krebber <pierre@ozoux.net>
This commit is contained in:
Pierre Ozoux
2026-01-08 15:53:16 +01:00
committed by GitHub
parent c2387fcb02
commit dd2d2862be
2 changed files with 25 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGELOG.md
View File

@@ -11,6 +11,7 @@ and this project adheres to
- ✨(backend) add documents/all endpoint with descendants #1553
- ✅(export) add PDF regression tests #1762
- 📝(docs) Add language configuration documentation #1757
- 🔒(helm) Set default security context #1750
### Fixed

27
src/helm/impress/values.yaml
View File

@@ -227,7 +227,14 @@ backend:
backoffLimit: 2
## @param backend.securityContext Configure backend Pod security context
securityContext: null
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
## @param backend.envVars Configure backend container environment variables
## @extra backend.envVars.BY_VALUE Example environment variable by setting value directly
@@ -431,7 +438,14 @@ frontend:
sidecars: []
## @param frontend.securityContext Configure frontend Pod security context
securityContext: null
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
## @param frontend.envVars Configure frontend container environment variables
## @extra frontend.envVars.BY_VALUE Example environment variable by setting value directly
@@ -603,7 +617,14 @@ yProvider:
sidecars: []
## @param yProvider.securityContext Configure yProvider Pod security context
securityContext: null
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
## @param yProvider.envVars Configure yProvider container environment variables
## @extra yProvider.envVars.BY_VALUE Example environment variable by setting value directly