Climatems PSS (#76)

ubergesundheit · web-flow · commit aa2664245f17 · 2025-02-12T11:38:42.000+01:00
* Add securityContext to climatems

* Add pss ns annotation for climatems
diff --git a/apps/climatems/climatems.yaml b/apps/climatems/climatems.yaml
@@ -63,8 +63,6 @@ metadata:
     app.kubernetes.io/name: climatems
     app.kubernetes.io/component: webserver
     app.kubernetes.io/part-of: climatems
-  annotations:
-    kube-linter.io/ignore-all: "true"
 spec:
   replicas: 1
   selector:
@@ -81,6 +79,8 @@ spec:
     spec:
       automountServiceAccountToken: false
       serviceAccountName: climatems-climatems
+      securityContext:
+        fsGroup: 1000
       containers:
       - name: climatems
         image: ghcr.io/codeformuenster/climatems:v0.1.0
@@ -89,4 +89,15 @@ spec:
         resources:
           requests:
             memory: "100Mi"
-            cpu: "200m"
+            cpu: "200m"
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          readOnlyRootFilesystem: true
+          runAsGroup: 1000
+          runAsNonRoot: true
+          runAsUser: 1000
+          seccompProfile:
+            type: RuntimeDefault
diff --git a/apps/climatems/kustomization.yaml b/apps/climatems/kustomization.yaml
@@ -4,5 +4,5 @@ kind: Kustomization
 namespace: c4m-climatems
 
 resources:
-- ../../base/namespace
+- ../../base/namespace-pss-restricted
 - climatems.yaml
