Skip to content

Commit

Permalink
Security contexts for k8s (#657)
Browse files Browse the repository at this point in the history
  • Loading branch information
@holgerbach
holgerbach authored Jun 23, 2023
1 parent d405395 commit 047453f
Show file tree
Hide file tree
Showing 3 changed files with 19 additions and 1 deletion.
2 changes: 1 addition & 1 deletion deployment/k8s/charts/Chart.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,7 @@ apiVersion: v1
appVersion: 0.11.7
description: A dynamic Web Map tile server
name: titiler
version: 1.1.1
version: 1.1.2
icon: https://raw.githubusercontent.com/developmentseed/titiler/main/docs/logos/TiTiler_logo_small.png
maintainers:
- name: emmanuelmathot # Emmanuel Mathot
Expand Down
4 changes: 4 additions & 0 deletions deployment/k8s/charts/templates/deployment.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,14 @@ spec:
labels:
{{- include "titiler.selectorLabels" . | nindent 8 }}
spec:
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
env:
{{- range $key, $val := .Values.env }}
- name: {{ $key }}
Expand Down
14 changes: 14 additions & 0 deletions deployment/k8s/charts/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,3 +65,17 @@ nodeSelector: {}
tolerations: []

affinity: {}

securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# allowPrivilegeEscalation: false
# runAsNonRoot: true
# runAsUser: 1001

podSecurityContext: {}
# fsGroup: 1001
# runAsNonRoot: true
# runAsUser: 1001

0 comments on commit 047453f

Please sign in to comment.