From 8f097406773ad769e3bece6af6c994df8254228c Mon Sep 17 00:00:00 2001
From: Dominik Kaminski
Date: Thu, 11 Jan 2024 15:56:39 +0100
Subject: [PATCH] fix(jitsi): Add available securityContexts here
---
helmfile/apps/jitsi/values-jitsi.yaml.gotmpl | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl b/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl
index bfdea1f8..cbb7a8fb 100644
--- a/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl
+++ b/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl
@@ -10,6 +10,19 @@ global: imagePullSecrets: {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+containerSecurityContext:
+ allowPrivilegeEscalation: false
+ enabled: true
+ readOnlyRootFilesystem: true
+ capabilities:
+ drop:
+ - "ALL"
+ seccompProfile:
+ type: "RuntimeDefault"
+ runAsUser: 1993
+ runAsGroup: 1993
+ runAsNonRoot: true
+
 cleanup:
 deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
@@ -126,6 +139,10 @@ patchJVB:
 configuration:
 staticLoadbalancerIP: {{ .Values.cluster.networking.ingressGatewayIP | quote }}
 loadbalancerStatusField: {{ .Values.cluster.networking.loadBalancerStatusField | quote }}
+ containerSecurityContext:
+ allowPrivilegeEscalation: false
+ enabled: true
+ readOnlyRootFilesystem: true
 image:
 imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
 registry: {{ .Values.global.imageRegistry | default .Values.images.jitsiPatchJVB.registry | quote }}
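Review bot: `runAsUser: 1993` and `runAsGroup: 1993` in the new top-level `containerSecurityContext` are unexplained literals, and nothing in the hunk says which Jitsi containers this block is applied to. If one of those images expects a different UID, the mismatch combined with `readOnlyRootFilesystem: true` is likely to show up as start-up or write failures, so it is worth confirming that every affected container has its writable paths on mounted volumes. I would add a comment above the block such as `# Applied to <components, per chart>; UID/GID 1993 must match the non-root user in those images`.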
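Review bot: The `patchJVB.containerSecurityContext` block sets only `allowPrivilegeEscalation`, `enabled` and `readOnlyRootFilesystem`, so unlike the top-level block in the first hunk it leaves capabilities, the seccomp profile and the run-as-root question to image and cluster defaults. The commit subject says "available" contexts, so the chart may not expose more for this component; if it passes the map through unchanged, the remaining fields can be mirrored as below, otherwise a one-line comment naming the chart limitation would keep this from reading as an oversight. `runAsNonRoot: true` needs the patchJVB image to declare a numeric non-root user, which is not visible from here. The `patchJVB` mapping starts and continues outside the hunk.

```yaml
  containerSecurityContext:
    # … unchanged: allowPrivilegeEscalation, enabled, readOnlyRootFilesystem …
    capabilities:
      drop:
        - "ALL"
    seccompProfile:
      type: "RuntimeDefault"
    runAsNonRoot: true
```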