feat: added security context placeholder

Alan Nix · Alan Nix · commit edc00b6734ea · 2022-11-15T16:16:00.000-05:00
diff --git a/lacework_cluster.tf b/lacework_cluster.tf
@@ -143,6 +143,14 @@ resource "kubernetes_deployment" "lacework_k8s_collector" {
             }
           }
 
+          security_context {
+            privileged                 = false
+            run_as_non_root            = true
+            run_as_user                = 5000 #TODO update to official UID
+            read_only_root_filesystem  = true
+            allow_privilege_escalation = false
+          }
+
           volume_mount {
             name       = "cfgmap"
             mount_path = "/config"

Original file line number	Diff line number	Diff line change
`@@ -143,6 +143,14 @@ resource "kubernetes_deployment" "lacework_k8s_collector" {`
`143`	`143`	`}`
`144`	`144`	`}`
`145`	`145`
	`146`	`+ security_context {`
	`147`	`+ privileged = false`
	`148`	`+ run_as_non_root = true`
	`149`	`+ run_as_user = 5000 #TODO update to official UID`
	`150`	`+ read_only_root_filesystem = true`
	`151`	`+ allow_privilege_escalation = false`
	`152`	`+ }`
	`153`	`+`
`146`	`154`	`volume_mount {`
`147`	`155`	`name = "cfgmap"`
`148`	`156`	`mount_path = "/config"`