refactor security context and add proper version to piped frontend

Joseph Hanson 2024-10-17 20:41:59 -05:00
parent dde7c66b70
commit 5cde98f529
Signed by: jahanson
SSH key fingerprint: SHA256:vy6dKBECV522aPAwklFM3ReKAVB086rT3oWwiuiFG7o


@ -18,6 +18,11 @@ spec:
values: values:
defaultPodOptions: defaultPodOptions:
automountServiceAccountToken: false automountServiceAccountToken: false
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: "OnRootMismatch"
controllers: controllers:
backend: backend:
@ -25,13 +30,6 @@ spec:
annotations: annotations:
secret.reloader.stakater.com/reload: piped-secret secret.reloader.stakater.com/reload: piped-secret
pod:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: "OnRootMismatch"
containers: containers:
app: app:
image: image:
@ -58,21 +56,13 @@ spec:
frontend: frontend:
strategy: RollingUpdate strategy: RollingUpdate
pod:
securityContext:
runAsUser: 101
runAsGroup: 101
fsGroup: 101
fsGroupChangePolicy: "OnRootMismatch"
containers: containers:
app: app:
image: image:
repository: ghcr.io/bjw-s-labs/piped-frontend repository: ghcr.io/bjw-s-labs/piped-frontend
tag: latest@sha256:07ab90aa25302bcc6673d7a52b5d4b129490a8fb543d5648b87ed1d366ce547e tag: 2024.10.17@sha256:2d11886aef42a280e6ee924126882f7bb3593d87f0b27f8d035067cbc29c8edb
env: env:
HTTP_PORT: 8080
HTTP_WORKERS: 4
BACKEND_HOSTNAME: piped-api.hsn.dev BACKEND_HOSTNAME: piped-api.hsn.dev
probes: probes:
liveness: liveness:
@ -87,15 +77,13 @@ spec:
memory: 256Mi memory: 256Mi
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
readOnlyRootFilesystem: true
ytproxy: ytproxy:
strategy: RollingUpdate strategy: RollingUpdate
pod:
securityContext:
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: "OnRootMismatch"
containers: containers:
app: app:
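Review bot: The pod-level `securityContext` now set once under `defaultPodOptions` (first hunk) pins UID/GID 1000 but carries neither `runAsNonRoot: true` nor `seccompProfile: {type: RuntimeDefault}`; because every controller inherits this block, adding both there would enforce non-root execution and the runtime's default seccomp filter for backend, frontend and ytproxy alike. The `+`/`-` markers are lost on this page, but the hunk counts suggest the frontend's own context (UID 101) is dropped and `readOnlyRootFilesystem: true` is added to its container. If so, it is worth confirming that the new frontend image starts cleanly as UID 1000 and that any path it writes at runtime is backed by a writable volume such as an `emptyDir`. The rest of `defaultPodOptions` and the container definitions lie outside the visible hunks, so existing settings or mounts may already cover this.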