diff --git a/apps-gx10/fc-system/deployment-mysql-operator.json b/apps-gx10/fc-system/deployment-mysql-operator.json index a1be2c9..27b11eb 100644 --- a/apps-gx10/fc-system/deployment-mysql-operator.json +++ b/apps-gx10/fc-system/deployment-mysql-operator.json @@ -56,8 +56,8 @@ "value": "http://+:8080" } ], - "image": "localhost/fc-mysql-operator:gx10-v1", - "imagePullPolicy": "IfNotPresent", + "image": "localhost/fc-mysql-operator:v20260617-sec5-3c6649c", + "imagePullPolicy": "Never", "livenessProbe": { "failureThreshold": 3, "httpGet": { @@ -90,28 +90,58 @@ "successThreshold": 1, "timeoutSeconds": 3 }, - "resources": { - "limits": { - "cpu": "500m", - "memory": "512Mi" - }, - "requests": { - "cpu": "250m", - "memory": "256Mi" - } - }, - "terminationMessagePath": "/dev/termination-log", - "terminationMessagePolicy": "File" - } - ], - "dnsPolicy": "ClusterFirst", - "restartPolicy": "Always", - "schedulerName": "default-scheduler", - "securityContext": {}, - "serviceAccount": "mysql-operator", - "serviceAccountName": "mysql-operator", - "terminationGracePeriodSeconds": 30 - } + "resources": { + "limits": { + "cpu": "500m", + "memory": "512Mi" + }, + "requests": { + "cpu": "250m", + "memory": "256Mi" + } + }, + "securityContext": { + "allowPrivilegeEscalation": false, + "capabilities": { + "drop": [ + "ALL" + ] + }, + "readOnlyRootFilesystem": true + }, + "terminationMessagePath": "/dev/termination-log", + "terminationMessagePolicy": "File", + "volumeMounts": [ + { + "mountPath": "/tmp", + "name": "tmp" + } + ] + } + ], + "dnsPolicy": "ClusterFirst", + "restartPolicy": "Always", + "schedulerName": "default-scheduler", + "securityContext": { + "fsGroup": 1654, + "fsGroupChangePolicy": "OnRootMismatch", + "runAsGroup": 1654, + "runAsNonRoot": true, + "runAsUser": 1654, + "seccompProfile": { + "type": "RuntimeDefault" + } + }, + "serviceAccount": "mysql-operator", + "serviceAccountName": "mysql-operator", + "terminationGracePeriodSeconds": 30, + "volumes": [ + { + "emptyDir": {}, + "name": "tmp" + } + ] + } } } }