Merge pull request #29 from humanitec-architecture/mathieu-benoit-pat…
…ch-1

Update main.tf - 4.10.1 + runAsNonRoot
johanneswuerbach authored Jun 21, 2024
2 parents 62e1608 + 3ef44df commit e32bbaa
Showing 1 changed file with 36 additions and 1 deletion.
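--- a/modules/base/main.tf
+++ b/modules/base/main.tf
@@ -171,7 +171,7 @@ resource "helm_release" "ingress_nginx" {
 repository = "https://kubernetes.github.io/ingress-nginx"
 
 chart = "ingress-nginx"
-version = "4.10.0"
+version = "4.10.1"
 wait = true
 timeout = 600
 
@@ -187,5 +187,40 @@ resource "helm_release" "ingress_nginx" {
 value = var.ingress_nginx_min_unavailable
 }
 
+set {
+name = "controller.containerSecurityContext.runAsUser"
+value = 101
+}
+
+set {
+name = "controller.containerSecurityContext.runAsGroup"
+value = 101
+}
+
+set {
+name = "controller.containerSecurityContext.allowPrivilegeEscalation"
+value = false
+}
+
+set {
+name = "controller.containerSecurityContext.readOnlyRootFilesystem"
+value = false
+}
+
+set {
+name = "controller.containerSecurityContext.runAsNonRoot"
+value = true
+}
+
+set_list {
+name = "controller.containerSecurityContext.capabilities.drop"
+value = ["ALL"]
+}
+
+set_list {
+name = "controller.containerSecurityContext.capabilities.add"
+value = ["NET_BIND_SERVICE"]
+}
+
 depends_on = [module.aws_eks.eks_managed_node_groups]
 }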
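Review bot: The container security context added in the second hunk sets no `seccompProfile`, so unless one is set at pod level outside this view, the controller container still falls short of the Pod Security "restricted" profile despite `runAsNonRoot`, the dropped capabilities and `allowPrivilegeEscalation = false`. If the chart only applies its own default profile when `controller.containerSecurityContext` is empty (worth confirming against the 4.10.1 templates), these overrides may also remove a seccomp default that was previously in effect. Consider one more `set` block with `name = "controller.containerSecurityContext.seccompProfile.type"` and `value = "RuntimeDefault"`. The explicit `readOnlyRootFilesystem = false` would benefit from a short comment giving the reason, for example `# controller writes its generated nginx config at runtime, so the root filesystem stays writable` if that is the intent. The `helm_release` resource begins above the hunk, so values set earlier in it are not visible here.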
