fix(nubus): Explicitly template security context for Keycloak proxy

2025-12-06 15:31:38 +01:00 · 2025-05-20 07:30:17 +02:00
parent 1edd7c3f06
commit e9594382ed
1 changed files with 11 additions and 0 deletions
--- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
@@ -706,6 +706,17 @@ nubusKeycloakExtensions:
    resources:
      {{ .Values.resources.umsKeycloakExtensionProxy | toYaml | nindent 6 }}
    securityContext:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+          - "ALL"
+      enabled: true
+      runAsUser: 1000
+      runAsGroup: 1000
+      seccompProfile:
+        type: "RuntimeDefault"
+      readOnlyRootFilesystem: true
+      runAsNonRoot: true
      seccompProfile:
        type: "RuntimeDefault"
      seLinuxOptions: