3pp-mirror/pomerium
1
0
Fork 0
mirror of https://github.com/pomerium/pomerium.git synced 2025-06-02 02:42:57 +02:00
Code Issues Projects Releases Packages Wiki Activity
pomerium/k8s/zero/deployment/no-root.yaml
Denis Mishin c84a251c93
zero/k8s: deployment manifests (#4763) 
* zero/k8s: deployment manifests

* convert to statefulset so that it has persistent volume claim

* use standard ports to avoid config customization for k8s

* add XDG_DATA_HOME mapping
2024-01-08 12:08:14 -05:00

22 lines
491 B
YAML
Raw Blame History

apiVersion: apps/v1
kind: StatefulSet
metadata:
name: pomerium
spec:
template:
spec:
securityContext:
fsGroup: 1000
runAsNonRoot: true
runAsGroup: 1000
runAsUser: 1000
sysctls:
- name: net.ipv4.ip_unprivileged_port_start
value: "80"
containers:
- name: pomerium
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
Reference in a new issue View git blame Copy permalink