fix(netbird-dashboard): harden security

Vegard Hagen
2025-01-05 14:59:24 +01:00
parent c9ffd698c8
commit 1c585e2ce4


@@ -12,23 +12,38 @@ spec:
labels: labels:
app.kubernetes.io/name: dashboard app.kubernetes.io/name: dashboard
spec: spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers: containers:
- name: dashboard - name: dashboard
image: docker.io/netbirdio/dashboard:v2.8.2 # renovate: docker=docker.io/netbirdio/dashboard image: docker.io/netbirdio/dashboard:v2.8.2 # renovate: docker=docker.io/netbirdio/dashboard
envFrom: securityContext:
- configMapRef: allowPrivilegeEscalation: false
name: dashboard-config readOnlyRootFilesystem: false
ports: capabilities:
- name: http drop: [ ALL ]
containerPort: 80 add: [ NET_BIND_SERVICE, CHOWN, SETGID, SETUID, DAC_OVERRIDE ]
readinessProbe: envFrom:
httpGet: - configMapRef:
path: / name: dashboard-config
port: http ports:
resources: - name: http
requests: containerPort: 80
memory: 32Mi volumeMounts:
cpu: 10m - name: tmp
limits: mountPath: /tmp
memory: 128Mi readinessProbe:
cpu: 2000m httpGet:
path: /
port: http
resources:
requests:
memory: 32Mi
cpu: 10m
limits:
memory: 128Mi
cpu: 2000m
volumes:
- name: tmp
emptyDir: { }
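Review bot: The container securityContext keeps `DAC_OVERRIDE` alongside `readOnlyRootFilesystem: false`, and neither the pod nor the container context sets `runAsNonRoot`, so a root process in this container can still write any file in the image regardless of permission bits. The CHOWN/SETUID/SETGID entries suggest the entrypoint starts as root and then switches user, but that is inferred from the list rather than visible here; a comment above `add:` naming the startup step each capability serves would let a later change remove them safely, e.g. `# DAC_OVERRIDE: needed by <startup step> — TODO confirm, drop if possible`. If the paths the image writes at startup can be covered by emptyDir mounts like the `/tmp` one added here, `readOnlyRootFilesystem: true` becomes possible and DAC_OVERRIDE loses most of its reach. The new `tmp` volume also has no cap; `emptyDir: { sizeLimit: 64Mi }` (example value) would stop a runaway writer from filling the node's ephemeral storage.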