Added securityContext for k8s

developmentseed / titiler

Build your own Raster dynamic map tile services

https://developmentseed.org/titiler/

MIT License

766 stars 157 forks source link

Added securityContext for k8s #657

Closed holgerbach closed 1 year ago

holgerbach commented 1 year ago

SecurityContext needed for hardening, which you can define in your values.yaml as follows:

securityContext:
  capabilities:
    drop:
      - ALL
  readOnlyRootFilesystem: true
  allowPrivilegeEscalation: false
  runAsNonRoot: true
  runAsUser: 1000

podSecurityContext:
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 1000

Default
Version Release

vincentsarago commented 1 year ago

@ividito @ranchodeluxe would you be able to review this PR? 🙏

ranchodeluxe commented 1 year ago

@holgerbach: I see your previous commit added an empty {} but then you changed your mind.

I don't think most folks will want to use securityContext: by default. Do you mind changing it back to {} as the default?