feat: support a more secure security-context (#76)

Apollorion · web-flow · commit 020bdb9afe34 · 2024-09-17T12:59:42.000-04:00
diff --git a/spacelift-promex/templates/deployment.yaml b/spacelift-promex/templates/deployment.yaml
@@ -40,6 +40,15 @@ spec:
           ports:
             - name: metrics
               containerPort: 9953
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            runAsNonRoot: true
+            seccompProfile:
+              type: "RuntimeDefault"
+            runAsUser: 1983
           readinessProbe:
             httpGet:
               path: /health
