diff --git a/deployment/base/hg-deployment.yaml b/deployment/base/hg-deployment.yaml index 8f2e1272b..4c26d2592 100644 --- a/deployment/base/hg-deployment.yaml +++ b/deployment/base/hg-deployment.yaml @@ -79,6 +79,9 @@ spec: spec: securityContext: fsGroup: 33 + runAsUser: 33 + runAsGroup: 33 # www-data + runAsNonRoot: true containers: - name: hgweb image: ghcr.io/sillsdev/lexbox-hgweb:latest @@ -176,6 +179,7 @@ spec: securityContext: runAsUser: 33 runAsGroup: 33 # www-data + runAsNonRoot: true image: busybox:1.36.1 command: - 'sh' diff --git a/deployment/init-repos/hg-deployment-patch.yaml b/deployment/init-repos/hg-deployment-patch.yaml index 82ac50d91..1fefc7d51 100644 --- a/deployment/init-repos/hg-deployment-patch.yaml +++ b/deployment/init-repos/hg-deployment-patch.yaml @@ -11,6 +11,7 @@ spec: securityContext: runAsUser: 33 runAsGroup: 33 # www-data + runAsNonRoot: true image: busybox:1.36.1 command: - 'sh'