Merge remote-tracking branch 'origin/main' into feat/pomerium-postgre…

…s-ha
sighupio · Nov 14, 2024 · 4f22e00 · 4f22e00
2 parents 9fd1465 + e451cc9
commit 4f22e00
Show file tree

Hide file tree

Showing 2 changed files with 14 additions and 6 deletions.
diff --git a/katalog/pomerium/deploy.yml b/katalog/pomerium/deploy.yml
@@ -73,11 +73,25 @@ spec:
           securityContext:
             allowPrivilegeEscalation: false
             runAsNonRoot: true
+            privileged: false
+            runAsUser: 65532
+            runAsGroup: 65532
+            readOnlyRootFilesystem: true
+            seccompProfile:
+              type: RuntimeDefault
+            capabilities:
+              drop:
+                - ALL
           volumeMounts:
+            # This tmp mount is needed so we can have readOnlyRootFilesystem: true
+            - name: tmp
+              mountPath: /tmp
             - mountPath: /etc/pomerium/
               name: pomerium-policy
       volumes:
         - configMap:
             defaultMode: 420
             name: pomerium-policy
           name: pomerium-policy
+        - name: tmp
+          emptyDir: {}
diff --git a/katalog/pomerium/postgres/MAINTENANCE.md b/katalog/pomerium/postgres/MAINTENANCE.md
@@ -1,9 +1,3 @@
-# Copyright (c) 2017-present SIGHUP s.r.l All rights reserved.
-
-# Use of this source code is governed by a BSD-style
-
-# license that can be found in the LICENSE file.
-
 # Postgres
 
 Upstream documentation is located at: <https://github.com/bitnami/charts/tree/main/bitnami/postgresql>