From 3fbc9bbea0dcc1de2eaec969bac38b3836a7c613 Mon Sep 17 00:00:00 2001
From: Admiral
Date: Thu, 22 Feb 2024 16:28:58 +0100
Subject: [PATCH] Update all-resources.yml
---
 deployments/mariadb/all-resources.yml | 32 +++++++---------------------
 1 file changed, 8 insertions(+), 24 deletions(-)
diff --git a/deployments/mariadb/all-resources.yml b/deployments/mariadb/all-resources.yml
index 57e632f..cb64387 100644
--- a/deployments/mariadb/all-resources.yml
+++ b/deployments/mariadb/all-resources.yml
@@ -18,7 +18,6 @@ metadata:
 labels:
 app: mariadb
 name: mariadb
- namespace: mariadb
 spec:
 replicas: 1
 selector:
@@ -35,19 +34,21 @@ spec:
 automountServiceAccountToken: false # Service Account Tokens are only mounted where necessary
 securityContext:
 runAsNonRoot: true # Containers should run as a high UID to avoid host conflict
- runAsUser: 103306 # Using high UID to avoid conflicts
+ runAsUser: 10000 # Using high UID to avoid conflicts
 readOnlyRootFilesystem: true # Use read-only filesystem for containers where possible
 seccompProfile:
 type: "docker/default" # Ensure that the seccomp profile is set to docker/default or runtime/default
 containers:
- - image: mariadb:10.6@sha256:xxxxx
+ - image: mariadb@sha256: # Using image digest for image
 name: mariadb
 imagePullPolicy: Always
- runAsNonRoot: true
- runAsUser: 10336
+ securityContext:
+ runAsNonRoot: true # Running container as non-root
+ runAsUser: 10000 # Using high UID to avoid conflicts
+ readOnlyRootFilesystem: true # Mounting read-only filesystem
 allowPrivilegeEscalation: false
 seccompProfile:
- type: docker/default # Ensure that the seccomp profile is set to docker/default or runtime/default
+ type: "docker/default" # Ensure that the seccomp profile is set to docker/default or runtime/default
 capabilities:
 drop:
 - ALL # Dropping all capabilities
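Review bot: The new `- image: mariadb@sha256:` line has an empty digest, so it is not a pullable image reference, and it also drops the `10.6` tag that recorded the intended version; pin a real digest, e.g. `- image: mariadb:10.6@sha256:<digest>` with `<digest>` taken from the registry. The re-added `type: "docker/default"` is the value of the old seccomp annotation rather than of the `seccompProfile.type` field, which accepts `RuntimeDefault`, `Localhost` or `Unconfined`; `type: RuntimeDefault` is the equivalent. Indentation is not recoverable in this view, so confirm that the unchanged `allowPrivilegeEscalation`, `seccompProfile` and `capabilities` lines end up nested under the new container-level `securityContext:`; the container spec continues past the end of the hunk.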
@@ -90,21 +91,4 @@ spec:
 - name: mariadb-persistent-storage
 persistentVolumeClaim:
 claimName: mariadb-pvc
----
-apiVersion: v1
-kind: Service
-metadata:
- labels:
- app: mariadb
- tier: backend
- name: mariadb-svc
- namespace: mariadb-svc
-spec:
- ports:
- - port: 3306
- protocol: TCP
- targetPort: 3306
- selector:
- app: mariadb
- tier: backend
- type: ClusterIP
+