day 2 attack fix
This commit is contained in:
parent
7b7ae0eb6f
commit
5d6496ec2d
@ -16,35 +16,33 @@ spec:
|
|||||||
app: phoenix-app
|
app: phoenix-app
|
||||||
spec:
|
spec:
|
||||||
serviceAccountName: phoenix-sa
|
serviceAccountName: phoenix-sa
|
||||||
hostPID: true
|
|
||||||
hostNetwork: true
|
|
||||||
dnsPolicy: ClusterFirstWithHostNet
|
|
||||||
imagePullSecrets:
|
imagePullSecrets:
|
||||||
- name: harbor-secret
|
- name: harbor-secret
|
||||||
|
securityContext:
|
||||||
|
runAsNonRoot: true
|
||||||
|
runAsUser: 1000
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
containers:
|
containers:
|
||||||
- name: phoenix-app
|
- name: phoenix-app
|
||||||
image: harbor.mxhunt.in/k8s-lab/phoenix:c124f4748fc9bd33cc96f63198dfa5c7db683f22
|
image: harbor.mxhunt.in/k8s-lab/phoenix:c124f4748fc9bd33cc96f63198dfa5c7db683f22
|
||||||
ports:
|
ports:
|
||||||
- containerPort: 8080
|
- containerPort: 8080
|
||||||
hostPort: 8080
|
|
||||||
env:
|
env:
|
||||||
- name: DEBUG_PATH
|
- name: DEBUG_PATH
|
||||||
valueFrom:
|
valueFrom:
|
||||||
configMapKeyRef:
|
configMapKeyRef:
|
||||||
name: phoenix-config
|
name: phoenix-config
|
||||||
key: DEBUG_PATH
|
key: DEBUG_PATH
|
||||||
|
securityContext:
|
||||||
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop:
|
||||||
|
- ALL
|
||||||
|
privileged: false
|
||||||
livenessProbe:
|
livenessProbe:
|
||||||
httpGet:
|
httpGet:
|
||||||
path: /health
|
path: /health
|
||||||
port: 8080
|
port: 8080
|
||||||
initialDelaySeconds: 5
|
initialDelaySeconds: 5
|
||||||
periodSeconds: 10
|
periodSeconds: 10
|
||||||
securityContext:
|
|
||||||
privileged: true
|
|
||||||
volumeMounts:
|
|
||||||
- name: host-root
|
|
||||||
mountPath: /host
|
|
||||||
volumes:
|
|
||||||
- name: host-root
|
|
||||||
hostPath:
|
|
||||||
path: /
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user