Add securitycontext settings on defaultbackend

Signed-off-by: Alexis Martinier <a.martinier@gmail.com>

charts/ingress-nginx/templates/default-backend-deployment.yaml

@@ -52,7 +52,13 @@ spec:
           {{- end }}
         {{- end }}
           securityContext:
+            capabilities:
+              drop:
+              - ALL
             runAsUser: {{ .Values.defaultBackend.image.runAsUser }}
+            runAsNonRoot: {{ .Values.defaultBackend.image.runAsNonRoot }}
+            allowPrivilegeEscalation: {{ .Values.defaultBackend.image.allowPrivilegeEscalation }}
+            readOnlyRootFilesystem: {{ .Values.defaultBackend.image.readOnlyRootFilesystem}}
         {{- if .Values.defaultBackend.extraEnvs }}
           env: {{ toYaml .Values.defaultBackend.extraEnvs | nindent 12 }}
         {{- end }}

charts/ingress-nginx/values.yaml

@@ -552,6 +552,9 @@ defaultBackend:
     pullPolicy: IfNotPresent
     # nobody user -> uid 65534
     runAsUser: 65534
+    runAsNonRoot: true
+    readOnlyRootFilesystem: true
+    allowPrivilegeEscalation: false
 
   extraArgs: {}