From 6a3794f3d62e0f88f61d69cb557c65eb422766df Mon Sep 17 00:00:00 2001 From: Sachin Kamboj Date: Tue, 14 May 2024 10:05:07 -0400 Subject: [PATCH] Secure by default - set the security context and pod security context Signed-off-by: Sachin Kamboj --- charts/goldpinger/values.yaml | 23 +++++++++++++---------- 1 file changed, 13 insertions(+), 10 deletions(-) diff --git a/charts/goldpinger/values.yaml b/charts/goldpinger/values.yaml index a721215..b0cd8d2 100644 --- a/charts/goldpinger/values.yaml +++ b/charts/goldpinger/values.yaml @@ -119,19 +119,22 @@ podSecurityPolicy: ## Set security context of the goldpinger container ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -containerSecurityContext: {} -# allowPrivilegeEscalation: false -# privileged: false -# readOnlyRootFilesystem: true +containerSecurityContext: + capabilities: + drop: + - ALL + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsNonRoot: true ## Set security context of the pod ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ -podSecurityContext: {} -# runAsNonRoot: true -# runAsUser: 1001 -# runAsGroup: 2001 -# seccompProfile: -# type: RuntimeDefault +podSecurityContext: + runAsNonRoot: true + runAsUser: 1000 + fsGroup: 2000 + seccompProfile: + type: RuntimeDefault serviceMonitor: enabled: false
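Review bot: The new `podSecurityContext` pins `runAsUser: 1000` and `fsGroup: 2000` but drops the `runAsGroup` line the removed commented example carried, so the process's primary GID is left to whatever the image declares — `runAsNonRoot` only validates the UID, and a primary group of GID 0 still passes that check. Add `runAsGroup: 2000` beside `fsGroup` (any non-zero GID is fine) so the group is pinned along with the user. `readOnlyRootFilesystem: true` is now a default rather than a commented hint; if the goldpinger binary writes anywhere on the root filesystem at runtime the chart needs an `emptyDir` for that path, and since the pod template is not in this hunk that should be confirmed before release. A hard-coded `runAsUser` also collides with platforms that allocate UIDs from a range (OpenShift's restricted SCC, for example), so a one-line comment above the block such as `# On clusters that assign UIDs (e.g. OpenShift), set runAsUser to null` would save users a failed install.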