From 24a82c05245e40e21787d2470484bf028dd8aace Mon Sep 17 00:00:00 2001
From: Klaas Sangers <klaas.sangers@axtion.nl>
Date: Thu, 25 Apr 2024 08:26:47 +0200
Subject: [PATCH] Improve container security

- Add security context capabilities with drop all in `charts/mailpit/values.yaml`
- Add seccompProfile to container security context in `charts/mailpit/values.yaml`
---
 charts/mailpit/values.yaml | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/charts/mailpit/values.yaml b/charts/mailpit/values.yaml
index 7c27772..f854ebd 100644
--- a/charts/mailpit/values.yaml
+++ b/charts/mailpit/values.yaml
@@ -84,10 +84,15 @@ podSecurityContext:
 ##
 containerSecurityContext:
   allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - ALL
   runAsUser: 1001
   runAsGroup: 1001
   runAsNonRoot: true
   readOnlyRootFilesystem: true
+  seccompProfile:
+    type: RuntimeDefault
 
 ## @param replicaCount Number of replicas to deploy
 ##