Skip to content

Commit

Permalink
Added security_context
Browse files Browse the repository at this point in the history
  • Loading branch information
@BSick7
BSick7 committed Aug 8, 2023
1 parent a5198d7 commit eaa0e15
Show file tree
Hide file tree
Showing 3 changed files with 9 additions and 1 deletion.
2 changes: 2 additions & 0 deletions .github/workflows/publish.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,6 +4,8 @@ on:
tags:
- 'v*'

permissions: read-all

env:
NULLSTONE_ORG: nullstone
NULLSTONE_API_KEY: ${{ secrets.NULLSTONE_API_KEY }}
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/scan.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ env:
NULLSTONE_API_KEY: ${{ secrets.NULLSTONE_API_KEY }}

jobs:
publish:
scan:
runs-on: ubuntu-latest

defaults:
Expand Down
6 changes: 6 additions & 0 deletions deployment.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -34,6 +34,12 @@ resource "kubernetes_deployment_v1" "this" {
image = "${local.service_image}:${local.app_version}"
args = local.command

security_context {
capabilities {
drop = ["NET_RAW"]
}
}

resources {
limits = {
cpu = var.cpu
Expand Down

0 comments on commit eaa0e15

Please sign in to comment.