From 79839237e282612fca7a27b208291e257b96b257 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Mon, 19 Feb 2024 00:04:59 +0100
Subject: [PATCH] fix(dashboard): fix missing security context topics

---
 infrastructure/dashboard/kubernetes-dashboard.yaml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/infrastructure/dashboard/kubernetes-dashboard.yaml b/infrastructure/dashboard/kubernetes-dashboard.yaml
index 15bee85ab..d5c1a77b8 100644
--- a/infrastructure/dashboard/kubernetes-dashboard.yaml
+++ b/infrastructure/dashboard/kubernetes-dashboard.yaml
@@ -262,6 +262,7 @@ spec:
         app.kubernetes.io/version: "v1.0.0"
     spec:
       securityContext:
+        runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
@@ -284,6 +285,9 @@ spec:
             readOnlyRootFilesystem: true
             runAsUser: 1001
             runAsGroup: 2001
+            capabilities:
+              drop:
+                - ALL
       volumes:
         - name: tmp-volume
           emptyDir: {}
@@ -316,6 +320,7 @@ spec:
         app.kubernetes.io/version: "v1.0.0"
     spec:
       securityContext:
+        runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
@@ -335,6 +340,9 @@ spec:
             readOnlyRootFilesystem: true
             runAsUser: 1001
             runAsGroup: 2001
+            capabilities:
+              drop:
+                - ALL
       volumes:
         - name: tmp-volume
           emptyDir: {}
@@ -367,6 +375,7 @@ spec:
         app.kubernetes.io/version: "v1.0.9"
     spec:
       securityContext:
+        runAsNonRoot: true
         seccompProfile:
           type: RuntimeDefault
       containers:
@@ -391,6 +400,9 @@ spec:
             readOnlyRootFilesystem: true
             runAsUser: 1001
             runAsGroup: 2001
+            capabilities:
+              drop:
+                - ALL
       volumes:
         - name: tmp-volume
           emptyDir: {}
-- 
GitLab