From 3c1c6903142093117cfe8dbd35c870573f153cf5 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Fri, 15 Sep 2023 23:29:34 +0200
Subject: [PATCH] feat(blog): Make blog deployment PSS restricted conform

---
 apps/k8s01/blog/blog.yaml | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/apps/k8s01/blog/blog.yaml b/apps/k8s01/blog/blog.yaml
index 3f6791da3..99cbf9b56 100644
--- a/apps/k8s01/blog/blog.yaml
+++ b/apps/k8s01/blog/blog.yaml
@@ -24,7 +24,7 @@ spec:
                 topologyKey: kubernetes.io/hostname
       automountServiceAccountToken: false
       containers:
-        - name: dnsproxy
+        - name: blog
           image: quay.io/shivering-isles/blog:latest
           imagePullPolicy: Always
           ports:
@@ -52,6 +52,15 @@ spec:
             failureThreshold: 1
             successThreshold: 3
             periodSeconds: 5
+          securityContext:
+            capabilities:
+              drop:
+                - ALL
+      securityContext:
+        allowPrivilegeEscalation: false
+        unAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
 ---
 apiVersion: v1
 kind: Service
-- 
GitLab