From 67c18610cbf6fa2c4e258b5d9e07dbd4c86ee5a1 Mon Sep 17 00:00:00 2001
From: Dennis Witt <94747795+wittdennis@users.noreply.github.com>
Date: Fri, 27 Dec 2024 11:39:20 +0100
Subject: [PATCH] feat: security improvements for new foundry version

---
 argo-apps/in-cluster/foundry-app.cd.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/argo-apps/in-cluster/foundry-app.cd.yaml b/argo-apps/in-cluster/foundry-app.cd.yaml
index 5c66dbc..81fb04a 100644
--- a/argo-apps/in-cluster/foundry-app.cd.yaml
+++ b/argo-apps/in-cluster/foundry-app.cd.yaml
@@ -21,6 +21,24 @@ spec:
       releaseName: test
       values: |
 
+        image:
+          tag: 13.334.0
+        podSecurityContext:
+          runAsNonRoot: true
+          runAsUser: 1000
+          runAsGroup: 1000
+          fsGroup: 1000
+          fsGroupChangePolicy: OnRootMismatch
+          seccompProfile:
+            type: RuntimeDefault
+        securityContext:
+          allowPrivilegeEscalation: false
+          readOnlyRootFilesystem: false
+          seccompProfile:
+            type: RuntimeDefault
+          runAsUser: 1000
+          runAsGroup: 1000
+          runAsNonRoot: true
         config:
           enableTelemetry: true
         existingSecret: