chore(ollama): set pod security standards

2025-12-03 20:32:16 +09:00
parent 6d34cba4ba
commit 227caca78c
2 changed files with 21 additions and 0 deletions
--- a/ollama/values.gomplate.yaml
+++ b/ollama/values.gomplate.yaml
@@ -19,6 +19,21 @@ ollama:
 {{- end }}
 {{- end }}

+podSecurityContext:
+  fsGroup: 1000
+  seccompProfile:
+    type: RuntimeDefault
+
+securityContext:
+  runAsUser: 1000
+  runAsNonRoot: true
+  allowPrivilegeEscalation: false
+  seccompProfile:
+    type: RuntimeDefault
+  capabilities:
+    drop:
+      - ALL
+
 persistentVolume:
  enabled: true
  size: {{ .Env.OLLAMA_STORAGE_SIZE }}