From d8402bdec5c6d87866f0a890493f824bb8e1804e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lauri=20V=C3=B5sandi?= <lauri.vosandi@gmail.com>
Date: Sun, 25 Aug 2024 00:21:24 +0300
Subject: [PATCH] whoami: Drop privileges

---
 whoami/application.yml | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/whoami/application.yml b/whoami/application.yml
index 4476145..9e94001 100644
--- a/whoami/application.yml
+++ b/whoami/application.yml
@@ -14,6 +14,9 @@ spec:
       labels:
         app: whoami
     spec:
+      securityContext:
+        runAsUser: 65534
+        runAsGroup: 65534
       containers:
         - name: whoami
           image: traefik/whoami
@@ -24,9 +27,11 @@ spec:
             requests:
               cpu: 1m
               memory: 2Mi
+          securityContext:
+            readOnlyRootFilesystem: true
           ports:
-          - containerPort: 80
-            protocol: TCP
+            - containerPort: 80
+              protocol: TCP
 ---
 apiVersion: v1
 kind: Service