diff --git a/CHANGELOG.md b/CHANGELOG.md index b31dad64..f19af445 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ and this project adheres to - ✨(backend) add documents/all endpoint with descendants #1553 - ✅(export) add PDF regression tests #1762 - 📝(docs) Add language configuration documentation #1757 +- 🔒(helm) Set default security context #1750 ### Fixed diff --git a/src/helm/impress/values.yaml b/src/helm/impress/values.yaml index 9595f4b8..8a5401fe 100644 --- a/src/helm/impress/values.yaml +++ b/src/helm/impress/values.yaml @@ -227,7 +227,14 @@ backend: backoffLimit: 2 ## @param backend.securityContext Configure backend Pod security context - securityContext: null + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault ## @param backend.envVars Configure backend container environment variables ## @extra backend.envVars.BY_VALUE Example environment variable by setting value directly @@ -431,7 +438,14 @@ frontend: sidecars: [] ## @param frontend.securityContext Configure frontend Pod security context - securityContext: null + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault ## @param frontend.envVars Configure frontend container environment variables ## @extra frontend.envVars.BY_VALUE Example environment variable by setting value directly @@ -603,7 +617,14 @@ yProvider: sidecars: [] ## @param yProvider.securityContext Configure yProvider Pod security context - securityContext: null + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault ## @param yProvider.envVars Configure yProvider container environment variables ## @extra yProvider.envVars.BY_VALUE Example environment variable by setting value directly
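Review bot: The comment `## @param backend.securityContext Configure backend Pod security context` above the new default no longer matches the value, because `allowPrivilegeEscalation` and `capabilities` are container-level fields that do not exist in a Pod-level `securityContext`. I would change it to `## @param backend.securityContext Configure backend container security context` and confirm that the templates (not visible in this diff) render the value under the container spec rather than the Pod spec; the same applies to the `frontend.securityContext` and `yProvider.securityContext` hunks. Separately, `runAsNonRoot: true` is set without a `runAsUser`, so the kubelet will refuse to start a container whose image runs as root or declares only a non-numeric `USER`. A comment such as `## Images must declare a numeric non-root USER, or set runAsUser here` would make that requirement visible. Because the default changes from `null` to a map, Helm will now merge operator overrides with these keys instead of replacing them, which is worth a line in the upgrade notes.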