mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 15:31:38 +01:00
32 lines
797 B
YAML
32 lines
797 B
YAML
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
---
|
|
containerSecurityContext:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- "ALL"
|
|
enabled: true
|
|
privileged: false
|
|
# TODO: the service can't run with read only filesystem or as non-root
|
|
# readOnlyRootFilesystem: true
|
|
# runAsGroup: 101
|
|
# runAsNonRoot: true
|
|
# runAsUser: 101
|
|
seccompProfile:
|
|
type: "RuntimeDefault"
|
|
|
|
extraEnvVars:
|
|
- name: "UVS_ACCESS_TOKEN"
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: "opendesk-matrix-user-verification-service-account"
|
|
key: "access_token"
|
|
- name: "UVS_DISABLE_IP_BLACKLIST"
|
|
value: "true"
|
|
|
|
podSecurityContext:
|
|
enabled: true
|
|
fsGroup: 101
|
|
...
|