From 9a2c17a85c1e6910801139ef2675293fed3fc1bb Mon Sep 17 00:00:00 2001
From: Admiral <d.vanoosterhoud@gmail.com>
Date: Wed, 21 Feb 2024 18:36:10 +0100
Subject: [PATCH] Update nginx-deployment.yml

Added some security-related stuff, added limits
---
 deployments/nginx/nginx-deployment.yml | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/deployments/nginx/nginx-deployment.yml b/deployments/nginx/nginx-deployment.yml
index 5dd6df9..0ab6db8 100644
--- a/deployments/nginx/nginx-deployment.yml
+++ b/deployments/nginx/nginx-deployment.yml
@@ -18,11 +18,20 @@ spec:
         tier: frontend
     spec:
       containers:
-      - image: nginx:latest
+      - image: nginx:1.25.3
         name: nginx
+        securityContext:
+          allowPrivilegeEscalation: false
+        resources:
+          limits:
+            cpu: "0.5"
+            memory: "500Mi"
+          requests:
+            cpu: "0.1"
+            memory: "100Mi"
         env:
-        - name: SECURE_SUBNET
-          value: 8.8.8.8/32 # change-me
+#        - name: SECURE_SUBNET # Gonna fix later
+#          value: 8.8.8.8/32 # change-me
         - name: KUBE_SVC_NAME
           value: wordpress-svc
         volumeMounts:
@@ -71,4 +80,4 @@ spec:
               path: wordpress.conf.template
       - name: wordpress-persistent-storage
         persistentVolumeClaim:
-          claimName: wordpress-pvc
\ No newline at end of file
+          claimName: wordpress-pvc