fix(docs): Add generated security-context.md

2025-12-08 00:11:38 +01:00 · 2024-02-11 21:09:31 +01:00
parent 01599022f1
commit d9e07ff7bd
46 changed files with 479 additions and 109 deletions
--- a/helmfile/apps/element/values-matrix-user-verification-service.yaml.gotmpl
+++ b/helmfile/apps/element/values-matrix-user-verification-service.yaml.gotmpl
@@ -8,11 +8,10 @@ containerSecurityContext:
      - "ALL"
  enabled: true
  privileged: false
-  # TODO: the service can't run with read only filesystem or as non-root
-  # readOnlyRootFilesystem: true
-  # runAsGroup: 101
-  # runAsNonRoot: true
-  # runAsUser: 101
+  readOnlyRootFilesystem: false
+  runAsGroup: 0
+  runAsNonRoot: false
+  runAsUser: 0
  seccompProfile:
    type: "RuntimeDefault"

--- a/helmfile/apps/element/values-synapse.yaml.gotmpl
+++ b/helmfile/apps/element/values-synapse.yaml.gotmpl
@@ -76,6 +76,7 @@ containerSecurityContext:
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  runAsUser: 10991
+  runAsGroup: 10991
  seccompProfile:
    type: "RuntimeDefault"