chore(vault): disable CSI and set pod security standards

2025-11-23 15:01:26 +09:00
parent bcf9cab7b8
commit fa8e2bd8c7
2 changed files with 33 additions and 17 deletions
--- a/vault/vault-values.gomplate.yaml
+++ b/vault/vault-values.gomplate.yaml
@@ -1,4 +1,17 @@
 injector:
+  securityContext:
+    pod:
+      runAsNonRoot: true
+      runAsUser: 100
+      runAsGroup: 1000
+      fsGroup: 1000
+      seccompProfile:
+        type: RuntimeDefault
+    container:
+      allowPrivilegeEscalation: false
+      capabilities:
+        drop:
+          - ALL
  resources:
    requests:
      cpu: 50m
@@ -8,24 +21,23 @@ injector:
      memory: 128Mi

 csi:
-  enabled: true
-  agent:
-    resources:
-      requests:
-        cpu: 50m
-        memory: 128Mi
-      limits:
-        cpu: 50m
-        memory: 128Mi
-  resources:
-    requests:
-      cpu: 50m
-      memory: 64Mi
-    limits:
-      cpu: 50m
-      memory: 128Mi
+  enabled: false

 server:
+  statefulSet:
+    securityContext:
+      pod:
+        runAsNonRoot: true
+        runAsUser: 100
+        runAsGroup: 1000
+        fsGroup: 1000
+        seccompProfile:
+          type: RuntimeDefault
+      container:
+        allowPrivilegeEscalation: false
+        capabilities:
+          drop:
+            - ALL
  resources:
    requests:
      cpu: 50m