Update ingress.tf - 4.10.1 + runAsNonRoot (#17)

mathieu-benoit · web-flow · commit f978a0babbcc · 2024-06-21T08:25:42.000+02:00
* Update ingress.tf - 4.10.1 + runAsNonRoot
diff --git a/modules/base/ingress.tf b/modules/base/ingress.tf
@@ -15,7 +15,7 @@ resource "helm_release" "ingress_nginx" {
   repository       = "https://kubernetes.github.io/ingress-nginx"
 
   chart   = "ingress-nginx"
-  version = "4.10.0"
+  version = "4.10.1"
   wait    = true
   timeout = 600
 
@@ -55,5 +55,40 @@ resource "helm_release" "ingress_nginx" {
     value = var.ingress_nginx_min_unavailable
   }
 
+  set {
+    name  = "controller.containerSecurityContext.runAsUser"
+    value = 101
+  }
+
+  set {
+    name  = "controller.containerSecurityContext.runAsGroup"
+    value = 101
+  }
+
+  set {
+    name  = "controller.containerSecurityContext.allowPrivilegeEscalation"
+    value = false
+  }
+
+  set {
+    name  = "controller.containerSecurityContext.readOnlyRootFilesystem"
+    value = false
+  }
+
+  set {
+    name  = "controller.containerSecurityContext.runAsNonRoot"
+    value = true
+  }
+
+  set_list {
+    name  = "controller.containerSecurityContext.capabilities.drop"
+    value = ["ALL"]
+  }
+
+  set_list {
+    name  = "controller.containerSecurityContext.capabilities.add"
+    value = ["NET_BIND_SERVICE"]
+  }
+
   depends_on = [module.azure_aks.node_resource_group]
 }
