bluejay/bluejay-infra
1
0
Fork 0
Code Issues Pull Requests 15 Actions Packages Projects Releases Wiki Activity

Deploy Media SEC-5 non-root image to GX10

Browse Source
This commit is contained in:
Andrew Stoltz
2026-06-17 08:47:40 -05:00
parent 18f4f657f8
commit ed32a65873
1 changed files with 54 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

35
apps-gx10/fc-media/deployment-fc-media-web.json
View File

@@ -92,7 +92,7 @@
} }
} }
], ],
"image": "localhost/fc-media-web:gx10-v1", "image": "localhost/fc-media-web:v20260617-sec5-media-f9228d2",
"imagePullPolicy": "Never", "imagePullPolicy": "Never",
"livenessProbe": { "livenessProbe": {
"failureThreshold": 3, "failureThreshold": 3,
@@ -148,6 +148,15 @@
"memory": "1Gi" "memory": "1Gi"
} }
}, },
"securityContext": {
"allowPrivilegeEscalation": false,
"capabilities": {
"drop": [
"ALL"
]
},
"readOnlyRootFilesystem": true
},
"startupProbe": { "startupProbe": {
"failureThreshold": 18, "failureThreshold": 18,
"httpGet": { "httpGet": {
@@ -190,6 +199,14 @@
{ {
"mountPath": "/media/inbox", "mountPath": "/media/inbox",
"name": "media-inbox" "name": "media-inbox"
},
{
"mountPath": "/tmp",
"name": "temp"
},
{
"mountPath": "/app/logs",
"name": "logs"
} }
] ]
} }
@@ -197,7 +214,13 @@
"dnsPolicy": "ClusterFirst", "dnsPolicy": "ClusterFirst",
"restartPolicy": "Always", "restartPolicy": "Always",
"schedulerName": "default-scheduler", "schedulerName": "default-scheduler",
"securityContext": {}, "securityContext": {
"fsGroup": 1654,
"fsGroupChangePolicy": "OnRootMismatch",
"runAsGroup": 1654,
"runAsNonRoot": true,
"runAsUser": 1654
},
"terminationGracePeriodSeconds": 30, "terminationGracePeriodSeconds": 30,
"volumes": [ "volumes": [
{ {
@@ -234,6 +257,14 @@
"readOnly": true, "readOnly": true,
"server": "10.0.58.3" "server": "10.0.58.3"
} }
},
{
"emptyDir": {},
"name": "temp"
},
{
"emptyDir": {},
"name": "logs"
} }
] ]
} }