Add securitycontext settings on defaultbackend

Signed-off-by: Alexis Martinier <a.martinier@gmail.com>
2020-10-21 11:15:15 +02:00 · 2020-10-21 11:15:15 +02:00 · 8c56e4df9d
commit 8c56e4df9d
parent fb6a03ffb4
2 changed files with 9 additions and 0 deletions
--- a/charts/ingress-nginx/templates/default-backend-deployment.yaml
+++ b/charts/ingress-nginx/templates/default-backend-deployment.yaml
@ -52,7 +52,13 @@ spec:
          {{- end }}
        {{- end }}
          securityContext:
+            capabilities:
+              drop:
+              - ALL
            runAsUser: {{ .Values.defaultBackend.image.runAsUser }}
+            runAsNonRoot: {{ .Values.defaultBackend.image.runAsNonRoot }}
+            allowPrivilegeEscalation: {{ .Values.defaultBackend.image.allowPrivilegeEscalation }}
+            readOnlyRootFilesystem: {{ .Values.defaultBackend.image.readOnlyRootFilesystem}}
        {{- if .Values.defaultBackend.extraEnvs }}
          env: {{ toYaml .Values.defaultBackend.extraEnvs | nindent 12 }}
        {{- end }}
--- a/charts/ingress-nginx/values.yaml
+++ b/charts/ingress-nginx/values.yaml
@ -552,6 +552,9 @@ defaultBackend:
    pullPolicy: IfNotPresent
    # nobody user -> uid 65534
    runAsUser: 65534
+    runAsNonRoot: true
+    readOnlyRootFilesystem: true
+    allowPrivilegeEscalation: false

  extraArgs: {}