From 06b2897d95fd91e6d2ea775a3fba25b6c483fc50 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sat, 16 Sep 2023 00:12:02 +0200
Subject: [PATCH] feat(syncthing): Add PSS restricted securityContext

---
 apps/k8s01/syncthing/syncthing.yaml | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/apps/k8s01/syncthing/syncthing.yaml b/apps/k8s01/syncthing/syncthing.yaml
index e56e0cead..ac8361ab5 100644
--- a/apps/k8s01/syncthing/syncthing.yaml
+++ b/apps/k8s01/syncthing/syncthing.yaml
@@ -53,6 +53,17 @@ spec:
           httpGet:
             path: /rest/noauth/health 
             port: web
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+              - ALL
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        runAsGroup: 1000
+        seccompProfile:
+          type: RuntimeDefault
   volumeClaimTemplates:
     - metadata:
         name: storage
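Review bot: The pod-level `securityContext` pins `runAsUser`/`runAsGroup` to 1000 but sets no `fsGroup`, so the `storage` volume from `volumeClaimTemplates` may keep the ownership it had when the pod ran under a different UID, and the process could lose write access to existing data. If the storage driver supports ownership management, consider adding `fsGroup: 1000` and `fsGroupChangePolicy: OnRootMismatch` next to `runAsGroup`; whether this is needed depends on the image and volume type, which are not visible in this hunk. In the container-level block, `readOnlyRootFilesystem: true` is not required by the restricted profile but would be a cheap addition if the application only writes to the mounted volume. The pod spec starts outside the hunk, so any other containers or initContainers would need the same `allowPrivilegeEscalation: false` and `capabilities.drop: [ALL]` block for the pod to pass restricted admission.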
-- 
GitLab