From 6b5e81270f417ffa55a5c8069ebee1471cb6d15a Mon Sep 17 00:00:00 2001
From: Mihai <git@mehi.dev>
Date: Tue, 28 Jan 2025 11:39:47 +0100
Subject: [PATCH] add securityContext to deployment

---
 charts/kafka-exporter/templates/deployment.yaml |  2 ++
 charts/kafka-exporter/values.yaml               | 11 +++++++++++
 2 files changed, 13 insertions(+)

diff --git a/charts/kafka-exporter/templates/deployment.yaml b/charts/kafka-exporter/templates/deployment.yaml
index e2449a2d..bfe7841b 100644
--- a/charts/kafka-exporter/templates/deployment.yaml
+++ b/charts/kafka-exporter/templates/deployment.yaml
@@ -111,6 +111,8 @@ spec:
           {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
       {{- with .Values.nodeSelector }}
 
       nodeSelector:
diff --git a/charts/kafka-exporter/values.yaml b/charts/kafka-exporter/values.yaml
index 2fc97147..56e7c15e 100644
--- a/charts/kafka-exporter/values.yaml
+++ b/charts/kafka-exporter/values.yaml
@@ -85,3 +85,14 @@ nodeSelector: {}
 tolerations: []
 
 affinity: {}
+
+securityContext:  
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop: ["ALL"]
+  seccompProfile:
+    type: RuntimeDefault
+  readOnlyRootFilesystem: true
+  runAsGroup: 10000
+  runAsNonRoot: true
+  runAsUser: 10000