Moved part of Kubernetes securityContext spec to container level

This best practice applys the securityContext to all container in the deployment and reduces code duplications
saidsef · Aug 25, 2023 · ee8c882 · ee8c882
1 parent 527f299
commit ee8c882
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 4 deletions.
diff --git a/Dockerfile b/Dockerfile
@@ -5,7 +5,7 @@ ARG BAMBOO_VERSION=""
 ARG PORT=""
 ARG REF=""
 
-LABEL org.opencontainers.image.description="Containerised Atlassian Bomboo Server"
+LABEL org.opencontainers.image.description="Containerised Atlassian Bamboo Server"
 LABEL maintainer="Said Sef <said@saidsef.co.uk> (saidsef.co.uk/)"
 LABEL "uk.co.saidsef.bamboo"="${REF}"
 

diff --git a/deployment/base/statefulset.yml b/deployment/base/statefulset.yml
@@ -22,6 +22,10 @@ spec:
         name: bamboo
         app: bamboo
     spec:
+      securityContext:
+        runAsNonRoot: true
+        runAsGroup: 65534
+        runAsUser: 65534
       containers:
         - image: docker.io/saidsef/atlassian-bamboo-cicd:v2023.04
           imagePullPolicy: Always
@@ -56,9 +60,6 @@ spec:
               type: RuntimeDefault
             allowPrivilegeEscalation: false
             privileged: false
-            runAsGroup: 65534
-            runAsUser: 65534
-            runAsNonRoot: true
             readOnlyRootFilesystem: false
             capabilities:
               drop: