diff --git a/docs/modules/ROOT/examples/tutorial/mariadb/deployment.yaml b/docs/modules/ROOT/examples/tutorial/mariadb/deployment.yaml index 68a4ca5eb..f740f9728 100644 --- a/docs/modules/ROOT/examples/tutorial/mariadb/deployment.yaml +++ b/docs/modules/ROOT/examples/tutorial/mariadb/deployment.yaml @@ -19,8 +19,18 @@ spec: annotations: k8up.io/backupcommand: /bin/bash -c 'mysqldump -uroot -p"${MARIADB_ROOT_PASSWORD}" --all-databases' spec: + securityContext: + runAsUser: 10002 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault containers: - - image: mariadb:10.4 + - image: docker.io/mariadb:10.4 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL name: mariadb readinessProbe: timeoutSeconds: 1 diff --git a/docs/modules/ROOT/examples/tutorial/minio/deployment.yaml b/docs/modules/ROOT/examples/tutorial/minio/deployment.yaml index 5df38a2af..69b4fc174 100644 --- a/docs/modules/ROOT/examples/tutorial/minio/deployment.yaml +++ b/docs/modules/ROOT/examples/tutorial/minio/deployment.yaml @@ -17,12 +17,22 @@ spec: - name: data persistentVolumeClaim: claimName: minio-pvc + securityContext: + runAsUser: 10002 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault containers: - name: minio + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL volumeMounts: - name: data mountPath: "/data" - image: minio/minio + image: docker.io/minio/minio args: - server - /data diff --git a/docs/modules/ROOT/examples/tutorial/wordpress/deployment.yaml b/docs/modules/ROOT/examples/tutorial/wordpress/deployment.yaml index 2bb475298..2c11feeb5 100644 --- a/docs/modules/ROOT/examples/tutorial/wordpress/deployment.yaml +++ b/docs/modules/ROOT/examples/tutorial/wordpress/deployment.yaml @@ -17,8 +17,18 @@ spec: app: wordpress tier: frontend spec: + securityContext: + runAsUser: 10002 + runAsNonRoot: true + seccompProfile: + type: RuntimeDefault containers: - - image: wordpress:5.4-apache + - image: docker.io/wordpress:5.4-apache + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL name: wordpress env: - name: WORDPRESS_DB_HOST