day 2 attack fix

phoenix/deployment.yaml

@@ -16,35 +16,33 @@ spec:
         app: phoenix-app
     spec:
       serviceAccountName: phoenix-sa
-      hostPID: true
-      hostNetwork: true
-      dnsPolicy: ClusterFirstWithHostNet
       imagePullSecrets:
       - name: harbor-secret
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        seccompProfile:
+          type: RuntimeDefault
       containers:
       - name: phoenix-app
         image: harbor.mxhunt.in/k8s-lab/phoenix:c124f4748fc9bd33cc96f63198dfa5c7db683f22
         ports:
         - containerPort: 8080
-          hostPort: 8080
         env:
         - name: DEBUG_PATH
           valueFrom:
             configMapKeyRef:
               name: phoenix-config
               key: DEBUG_PATH
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          privileged: false
         livenessProbe:
           httpGet:
             path: /health
             port: 8080
           initialDelaySeconds: 5
-          periodSeconds: 10
-        securityContext:
-          privileged: true
-        volumeMounts:
-        - name: host-root
-          mountPath: /host
-      volumes:
-      - name: host-root
-        hostPath:
-          path: /
+          periodSeconds: 10