bluejay/bluejay-infra
1
0
Fork 0
Code Issues Pull Requests 15 Actions Packages Projects Releases Wiki Activity

gx10: deploy hardened MessageBoard web image

Browse Source
This commit is contained in:
Andrew Stoltz
2026-06-17 09:41:56 -05:00
parent 435e60a3f0
commit b353058b47
1 changed files with 48 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
apps-gx10/fc-messageboard/deployment-messageboard-web.json
View File

@@ -49,7 +49,7 @@
} }
} }
], ],
"image": "localhost/fc-messageboard-web:gx10-v1", "image": "localhost/fc-messageboard-web:v20260617-sec5-messageboard-e5f77ef",
"imagePullPolicy": "Never", "imagePullPolicy": "Never",
"livenessProbe": { "livenessProbe": {
"failureThreshold": 3, "failureThreshold": 3,
@@ -91,27 +91,58 @@
}, },
"terminationMessagePath": "/dev/termination-log", "terminationMessagePath": "/dev/termination-log",
"terminationMessagePolicy": "File", "terminationMessagePolicy": "File",
"volumeMounts": [ "volumeMounts": [
{ {
"mountPath": "/data", "mountPath": "/data",
"name": "data" "name": "data"
} },
] {
} "mountPath": "/app/logs",
], "name": "logs"
},
{
"mountPath": "/tmp",
"name": "tmp"
}
],
"securityContext": {
"allowPrivilegeEscalation": false,
"capabilities": {
"drop": [
"ALL"
]
},
"readOnlyRootFilesystem": true
}
}
],
"dnsPolicy": "ClusterFirst", "dnsPolicy": "ClusterFirst",
"restartPolicy": "Always", "restartPolicy": "Always",
"schedulerName": "default-scheduler", "schedulerName": "default-scheduler",
"securityContext": {}, "securityContext": {
"fsGroup": 1654,
"fsGroupChangePolicy": "OnRootMismatch",
"runAsGroup": 1654,
"runAsNonRoot": true,
"runAsUser": 1654
},
"terminationGracePeriodSeconds": 30, "terminationGracePeriodSeconds": 30,
"volumes": [ "volumes": [
{ {
"name": "data", "name": "data",
"persistentVolumeClaim": { "persistentVolumeClaim": {
"claimName": "messageboard-web-data" "claimName": "messageboard-web-data"
} }
} },
] {
"name": "logs",
"emptyDir": {}
},
{
"name": "tmp",
"emptyDir": {}
}
]
} }
} }
} }