From 26779c2d5c76489b23e1eb0e154f5d740f622b5d Mon Sep 17 00:00:00 2001
From: Joseph Hanson <joe@veri.dev>
Date: Thu, 10 Oct 2024 15:31:38 -0500
Subject: [PATCH] update security context.

---
 .../apps/observability/victoria-metrics/cluster/vmagent.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/kubernetes/apps/observability/victoria-metrics/cluster/vmagent.yaml b/kubernetes/apps/observability/victoria-metrics/cluster/vmagent.yaml
index d793d1a5..dec02dbc 100644
--- a/kubernetes/apps/observability/victoria-metrics/cluster/vmagent.yaml
+++ b/kubernetes/apps/observability/victoria-metrics/cluster/vmagent.yaml
@@ -32,6 +32,11 @@ spec:
         resources:
           requests:
             storage: 1Gi
+  securityContext:
+    runAsUser: 65534
+    runAsGroup: 65534
+    runAsNonRoot: true
+    fsGroup: 65534
   topologySpreadConstraints:
     - maxSkew: 1
       topologyKey: kubernetes.io/hostname