diff --git a/apps-gx10/fc-menuboard/deployment-menuboard-web.json b/apps-gx10/fc-menuboard/deployment-menuboard-web.json
index a005cf4..25e2443 100644
--- a/apps-gx10/fc-menuboard/deployment-menuboard-web.json
+++ b/apps-gx10/fc-menuboard/deployment-menuboard-web.json
@@ -48,8 +48,8 @@
 }
 }
 ],
- "image": "localhost/fc-menuboard-web:gx10-v1",
- "imagePullPolicy": "Never",
+ "image": "localhost/fc-menuboard-web:v20260617-sec5-menuboard-303a636",
+ "imagePullPolicy": "Never",
 "livenessProbe": {
 "failureThreshold": 3,
 "httpGet": {
@@ -82,31 +82,62 @@
 "successThreshold": 1,
 "timeoutSeconds": 5
 },
- "resources": {},
- "terminationMessagePath": "/dev/termination-log",
- "terminationMessagePolicy": "File",
- "volumeMounts": [
- {
- "mountPath": "/data",
- "name": "data"
- }
- ]
- }
+ "resources": {},
+ "securityContext": {
+ "allowPrivilegeEscalation": false,
+ "capabilities": {
+ "drop": [
+ "ALL"
+ ]
+ },
+ "readOnlyRootFilesystem": true
+ },
+ "terminationMessagePath": "/dev/termination-log",
+ "terminationMessagePolicy": "File",
+ "volumeMounts": [
+ {
+ "mountPath": "/data",
+ "name": "data"
+ },
+ {
+ "mountPath": "/tmp",
+ "name": "temp"
+ },
+ {
+ "mountPath": "/app/logs",
+ "name": "logs"
+ }
+ ]
+ }
 ],
 "dnsPolicy": "ClusterFirst",
 "restartPolicy": "Always",
 "schedulerName": "default-scheduler",
- "securityContext": {},
+ "securityContext": {
+ "fsGroup": 1654,
+ "fsGroupChangePolicy": "OnRootMismatch",
+ "runAsGroup": 1654,
+ "runAsNonRoot": true,
+ "runAsUser": 1654
+ },
 "terminationGracePeriodSeconds": 30,
 "volumes": [
- {
- "name": "data",
- "persistentVolumeClaim": {
- "claimName": "menuboard-web-data"
- }
- }
- ]
- }
+ {
+ "name": "data",
+ "persistentVolumeClaim": {
+ "claimName": "menuboard-web-data"
+ }
+ },
+ {
+ "emptyDir": {},
+ "name": "temp"
+ },
+ {
+ "emptyDir": {},
+ "name": "logs"
+ }
+ ]
+ }
 }
 }
 }
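Review bot: The hardened `securityContext` blocks added in the second hunk set no seccomp profile, so the container runs unconfined unless the kubelet is configured to default one, and the pod would not meet the Pod Security "restricted" profile; adding `"seccompProfile": { "type": "RuntimeDefault" }` to the new pod-level `securityContext` closes that gap. The two new `emptyDir` volumes for `/tmp` and `/app/logs` are unbounded while `"resources": {}` stays empty, so log growth is charged to node ephemeral storage with no cap; a `sizeLimit` (for example `"emptyDir": { "sizeLimit": "64Mi" }`, value illustrative) would bound it. Anything written to `/app/logs` now disappears with the pod, so confirm those logs are also shipped off-node if they are needed for investigation. Both the container spec and the pod spec begin outside this hunk.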