fix: harden sheaft stack security context

a-a-k · a-a-k · commit 382c2061c239 · 2026-05-01T01:15:17.000+03:00
diff --git a/charts/mb3r-stack/values.yaml b/charts/mb3r-stack/values.yaml
@@ -112,8 +112,17 @@ sheaft:
     pullPolicy: IfNotPresent
   podLabels: {}
   podAnnotations: {}
-  podSecurityContext: {}
-  securityContext: {}
+  podSecurityContext:
+    fsGroup: 65532
+  securityContext:
+    runAsNonRoot: true
+    runAsUser: 65532
+    runAsGroup: 65532
+    allowPrivilegeEscalation: false
+    readOnlyRootFilesystem: true
+    capabilities:
+      drop:
+        - ALL
   extraArgs: []
   env: []
   envFrom: []
