add securitycontext and remove env file

Signed-off-by: Jordan Dubrick <[email protected]>
devfile · Mar 8, 2024 · 00df100 · 00df100
1 parent 344788d
commit 00df100
Showing 1 changed file with 7 additions and 11 deletions.
diff --git a/deploy/chart/devfile-registry/templates/deployment.yaml b/deploy/chart/devfile-registry/templates/deployment.yaml
@@ -38,6 +38,13 @@ spec:
         release: "{{ .Release.Name }}"
         heritage: "{{ .Release.Service }}"
     spec:
+      {{- if .Values.persistence.enabled }}
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1001
+        runAsGroup: 2001
+        fsGroup: 3001
+      {{- end }}
       volumes:
         - name: devfile-registry-storage
         {{- if .Values.persistence.enabled }}
@@ -52,12 +59,6 @@ spec:
             items:
               - key: registry-config.yml
                 path: config.yml
-        - name: viewer-env-file
-          configMap:
-            name: {{ template "devfileregistry.fullname" . }}
-            items:
-              - key: .env.registry-viewer
-                path: .env.production
       containers:
       - image: "{{ .Values.devfileIndex.image }}:{{ .Values.devfileIndex.tag }}"
         imagePullPolicy: {{ .Values.devfileIndex.imagePullPolicy }}
@@ -147,11 +148,6 @@ spec:
                   "fqdn": "{{ template "devfileregistry.ingressUrl" . }}"
                 }
               ]
-        volumeMounts:
-          - name: viewer-env-file
-            mountPath: /app/.env.production
-            subPath: .env.production
-            readOnly: true
         securityContext:
           allowPrivilegeEscalation: false
           runAsNonRoot: true