From 19515dc15f4a20af3d272dbb93647d37149e6c82 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Max=20Str=C3=BCbing?= <mxstrbng@gmail.com>
Date: Wed, 6 Sep 2023 09:31:15 +0200
Subject: [PATCH] feat: specifiy security context

---
 services/ai-navigator-app/0.1.0/ai-navigator-app.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/services/ai-navigator-app/0.1.0/ai-navigator-app.yaml b/services/ai-navigator-app/0.1.0/ai-navigator-app.yaml
index 77ad7856e..1b0c2d8d3 100644
--- a/services/ai-navigator-app/0.1.0/ai-navigator-app.yaml
+++ b/services/ai-navigator-app/0.1.0/ai-navigator-app.yaml
@@ -81,6 +81,15 @@ spec:
             initialDelaySeconds: 60
             timeoutSeconds: 30
             failureThreshold: 10
+      securityContext:
+        allowPrivilegeEscalation: false
+        capabilities:
+          drop:
+            - ALL
+        readOnlyRootFilesystem: true
+        runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
 ---
 apiVersion: v1
 kind: Service