baschno/buun-stack
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

chore(lakekeeper): set pod security standards

Browse Source
This commit is contained in:
Masaki Yatsu
2025-11-23 16:22:37 +09:00
parent 94e885cf75
commit 8b2fe12a8c
2 changed files with 26 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
lakekeeper/lakekeeper-values.gomplate.yaml
View File

@@ -48,6 +48,27 @@ catalog:
cpu: 100m
memory: 256Mi
# Security context for Pod Security Standards (restricted)
podSecurityContext:
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
fsGroup: 1000
fsGroupChangePolicy: OnRootMismatch
seccompProfile:
type: RuntimeDefault
containerSecurityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 1000
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
# Database migration configuration
dbMigrations: