Added more security context

ScilifelabDataCentre · May 6, 2024 · 6b0c90f · 6b0c90f
1 parent 20c0e65
commit 6b0c90f
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/manifests/base/deployment.yaml b/manifests/base/deployment.yaml
@@ -8,16 +8,17 @@ spec:
   selector:
     matchLabels:
       app: locust
-  securityContext:
-    runAsNonRoot: true
-    allowPrivilegeEscalation: false
   template:
     metadata:
       labels:
         app: locust
       annotations:
         statefulset.kubernetes.io/pod-name: locust
     spec:
+      securityContext:
+        runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
       containers:
       - name: locust
         image: ghcr.io/scilifelabdatacentre/serve-load-testing:main-20240503-1109
@@ -26,6 +27,8 @@ spec:
         envFrom:
         - secretRef:
             name: locust-secrets
+        securityContext:
+          allowPrivilegeEscalation: false
         resources:
           limits:
             cpu: "1"

diff --git a/manifests/base/postgres-deployment.yaml b/manifests/base/postgres-deployment.yaml
@@ -37,6 +37,10 @@ spec:
       labels:
         app: postgres
     spec:
+      securityContext:
+        runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
       containers:
       - name: postgres
         image: cyberw/locust-timescale:6 #postgres:latest
@@ -45,6 +49,8 @@ spec:
             name: postgres-secret
         ports:
         - containerPort: 5432
+        securityContext:
+          allowPrivilegeEscalation: false
         resources:
           limits:
             cpu: "2"