chore(external-secrets): upgrade and set pod security standards

2025-11-23 15:00:25 +09:00
parent 0957ef9791
commit bcf9cab7b8
3 changed files with 32 additions and 3 deletions
--- a/external-secrets/external-secrets-values.yaml
+++ b/external-secrets/external-secrets-values.yaml
@@ -1,6 +1,14 @@
 # External Secrets Operator resource configuration
 # Based on Goldilocks recommendations (Burstable QoS)

+podSecurityContext:
+  runAsNonRoot: true
+  runAsUser: 1000
+  runAsGroup: 1000
+  fsGroup: 1000
+  seccompProfile:
+    type: RuntimeDefault
+
 # Main controller
 resources:
  requests:
@@ -10,8 +18,14 @@ resources:
    cpu: 50m
    memory: 256Mi

-# Cert controller
 certController:
+  podSecurityContext:
+    runAsNonRoot: true
+    runAsUser: 1000
+    runAsGroup: 1000
+    fsGroup: 1000
+    seccompProfile:
+      type: RuntimeDefault
  resources:
    requests:
      cpu: 15m
@@ -20,8 +34,14 @@ certController:
      cpu: 50m
      memory: 256Mi

-# Webhook
 webhook:
+  podSecurityContext:
+    runAsNonRoot: true
+    runAsUser: 1000
+    runAsGroup: 1000
+    fsGroup: 1000
+    seccompProfile:
+      type: RuntimeDefault
  resources:
    requests:
      cpu: 15m