From ea39e29fdf4a563f331a20e9d5282a77a575c578 Mon Sep 17 00:00:00 2001
From: Joseffus Santos <joseffus.santos@inspection.gc.ca>
Date: Wed, 20 Nov 2024 02:26:21 +0000
Subject: [PATCH] 462 nachet detector security context

---
 .../apps/nachet/base/nachet-rcnn-model-deployment.yaml | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/kubernetes/aks/apps/nachet/base/nachet-rcnn-model-deployment.yaml b/kubernetes/aks/apps/nachet/base/nachet-rcnn-model-deployment.yaml
index 0ae6c15b..e5053b6e 100644
--- a/kubernetes/aks/apps/nachet/base/nachet-rcnn-model-deployment.yaml
+++ b/kubernetes/aks/apps/nachet/base/nachet-rcnn-model-deployment.yaml
@@ -20,10 +20,14 @@ spec:
         app: nachet-rcnn-detector
     spec:
       securityContext:
-        runAsNonRoot: true
+        runAsNonRoot: false
         runAsUser: 1000
-        runAsGroup: 3000
-        fsGroup: 2000
+        runAsGroup: 1000
+        readOnlyRootFilesystem: false
+        allowPrivilegeEscalation: false
+        capabilities:
+          drop:
+            - ALL
       affinity:
         podAntiAffinity:
           requiredDuringSchedulingIgnoredDuringExecution: