feat: Addressing feedback

snyk · Mar 6, 2024 · 9593bdb · 9593bdb
1 parent c2c394a
commit 9593bdb
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 6 deletions.
diff --git a/charts/snyk-broker/templates/_helpers.tpl b/charts/snyk-broker/templates/_helpers.tpl
@@ -120,4 +120,4 @@ tls-secret-{{ .Release.Name }}
 {{- else -}}
 tls-secret
 {{- end -}}
-{{- end -}}
+{{- end -}}
diff --git a/charts/snyk-broker/values.yaml b/charts/snyk-broker/values.yaml
@@ -193,10 +193,10 @@ logEnableBody: "false"
 ##### Enable HTTPS #####
 
 # Location of mounted cert
-httpsCert: "MyCertificate.crt"
+httpsCert: ""
 
 # Location of mounted HTTPS key
-httpsKey: "MyKey.key"
+httpsKey: ""
 
 ##### HTTPS Inspection #####
 
@@ -320,20 +320,31 @@ podSecurityContext: {}
 # These can be adjusted at your own risk. 
 
 securityContext: 
+   capabilities:
+     drop:
+     - ALL
+   readOnlyRootFilesystem: true
    allowPrivilegeEscalation: false
-   runAsUser: 0
+   runAsNonRoot: true
+   runAsUser: 1000
 
 securityContextCr: 
+   capabilities:
+     drop:
+     - ALL
+   allowPrivilegeEscalation: false
    readOnlyRootFilesystem: false
-   runAsUser: 0
+   runAsNonRoot: true
+   runAsUser: 1000
 
 securityContextCa: 
    capabilities:
      drop:
      - ALL
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: false
-   runAsUser: 0
+   runAsNonRoot: true
+   runAsUser: 1000
 
 ##### Service Types #####
 # If you prefer to adjust how communication to the cluster occurs, these values can be adjusted