From 88e91b944ee01bcd8ed640537933dbc573cae300 Mon Sep 17 00:00:00 2001
From: Kenny Leung <k4leung4@gmail.com>
Date: Thu, 17 Feb 2022 02:31:54 -0800
Subject: [PATCH] add securityContext to deployment. (#678)

Signed-off-by: Kenny Leung <kleung@chainguard.dev>
---
 config/rekor.yaml   | 6 ++++++
 config/watcher.yaml | 6 ++++++
 2 files changed, 12 insertions(+)

diff --git a/config/rekor.yaml b/config/rekor.yaml
index 5a7cdce..19ff2e5 100644
--- a/config/rekor.yaml
+++ b/config/rekor.yaml
@@ -79,6 +79,12 @@ spec:
           requests:
             memory: "1G"
             cpu: ".5"
+        securityContext:
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          capabilities:
+            drop:
+            - all
 ---
 apiVersion: v1
 kind: Service
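Review bot: The `drop:` entry in the added securityContext is written as lowercase `- all`, while the Pod Security Standards "restricted" check matches the literal `ALL`; the workload would still be flagged under Pod Security admission even where the runtime accepts either case, so write it as `- ALL`. The block also omits `allowPrivilegeEscalation: false`, which sets no_new_privs so that a setuid binary in the image cannot raise the process's privileges after the capabilities are dropped. `runAsNonRoot: true` only makes the kubelet refuse to start a container whose image user is root or non-numeric, and the image is not visible in this hunk, so confirm it declares a numeric non-root UID or add an explicit `runAsUser`. The identical block added in config/watcher.yaml has the same three points. The container spec these lines belong to starts above the hunk.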
diff --git a/config/watcher.yaml b/config/watcher.yaml
index 072eb20..659ad09 100644
--- a/config/watcher.yaml
+++ b/config/watcher.yaml
@@ -54,3 +54,9 @@ spec:
           requests:
             memory: "1G"
             cpu: ".5"
+        securityContext:
+          readOnlyRootFilesystem: true
+          runAsNonRoot: true
+          capabilities:
+            drop:
+            - all
-- 
GitLab