# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - "ALL"
  enabled: true
  privileged: false
  # TODO: the service can't run with read only filesystem or as non-root
  # readOnlyRootFilesystem: true
  # runAsGroup: 101
  # runAsNonRoot: true
  # runAsUser: 101
  seccompProfile:
    type: "RuntimeDefault"

extraEnvVars:
  - name: "UVS_ACCESS_TOKEN"
    valueFrom:
      secretKeyRef:
        name: "opendesk-matrix-user-verification-service-account"
        key: "access_token"
  - name: "UVS_DISABLE_IP_BLACKLIST"
    value: "true"

podSecurityContext:
  enabled: true
  fsGroup: 101
...