Fixes #83, the first issue

Signed-off-by: David Karlsen <david@davidkarlsen.com>

Author: davidkarlsen

deployments/kubernetes/chart/gitwebhookproxy/templates/deployment.yaml

@@ -28,6 +28,9 @@ spec:
       labels:
 {{ include "gitwebhookproxy.labels.selector" . | indent 8 }}
     spec:
+      {{- with .Values.gitWebhookProxy.podSecurityContext }}
+      securityContext: {{ . | toYaml | nindent 8 }}
+      {{- end }}
       containers:
       - env:
         - name: KUBERNETES_NAMESPACE
@@ -92,6 +95,9 @@ spec:
             {{- end }}
         image: "{{ .Values.gitWebhookProxy.image.name }}:{{ .Values.gitWebhookProxy.image.tag }}"
         imagePullPolicy: {{ .Values.gitWebhookProxy.image.pullPolicy }}
+        {{- with .Values.gitWebhookProxy.securityContext }}
+        securityContext: {{ . | toYaml | nindent 10 }}
+        {{- end }}
       {{- if .Values.gitWebhookProxy.useCustomName }}
         name: {{ .Values.gitWebhookProxy.customName }}
       {{- else }}

deployments/kubernetes/chart/gitwebhookproxy/values.yaml

@@ -33,6 +33,12 @@ gitWebhookProxy:
         port: 80
         protocol: TCP
         targetPort: 8080
+  securityContext:
+    readOnlyRootFilesystem: true
+    allowPrivilegeEscalation: false
+  podSecurityContext:
+    runAsUser: 1001
+    runAsNonRoot: true
   ingress:
     enabled: false
     annotations: