Merge pull request #8 from sourcebot-dev/bkellam/non-root

chore: set podSecurityContext to non-root by default

Author: brendan-kellam

charts/sourcebot/README.md

@@ -90,7 +90,7 @@ Sourcebot is a self-hosted tool that helps you understand your codebase.
 | sourcebot.podDisruptionBudget.enabled | bool | `true` | Enable Pod Disruption Budget |
 | sourcebot.podDisruptionBudget.maxUnavailable | int | `1` | Maximum number of pods that can be unavailable |
 | sourcebot.podDisruptionBudget.minAvailable | int | `1` | Minimum number of pods that must be available |
-| sourcebot.podSecurityContext | object | `{}` | Set the pod-level security context |
+| sourcebot.podSecurityContext | object | `{"fsGroup":1500,"runAsGroup":1500,"runAsNonRoot":true,"runAsUser":1500}` | Set the pod-level security context |
 | sourcebot.priorityClassName | string | `""` | Set the priority class name for pods See: https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/ |
 | sourcebot.readinessProbe.failureThreshold | int | `5` | Number of consecutive failures before marking the container as not ready |
 | sourcebot.readinessProbe.httpGet | object | `{"path":"/api/health","port":"http"}` | Http GET request to check if the container is ready |

charts/sourcebot/values.yaml

@@ -93,11 +93,11 @@ sourcebot:
     automount: false
 
   # -- Set the pod-level security context
-  podSecurityContext: {}
-  # runAsUser: 1000
-  # runAsGroup: 1000
-  # runAsNonRoot: true
-  # fsGroup: 1000
+  podSecurityContext:
+    runAsUser: 1500
+    runAsGroup: 1500
+    fsGroup: 1500
+    runAsNonRoot: true
 
   # -- Set the container-level security context
   containerSecurityContext: {}