From 5c50c27f2cb9c2d663bf366598fe4168bce98ea2 Mon Sep 17 00:00:00 2001
From: RMcVelia
Date: Fri, 7 Feb 2025 14:56:10 +0000
Subject: [PATCH] security improvements for maintenance template

As per ITHC, set below for maintenance app deployment
-allowPrivilegeEscalation: false
-runAsNonRoot: true
---
 .../manifests/maintenance/deployment_maintenance.yml.tmpl | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/templates/new_service/maintenance_page/manifests/maintenance/deployment_maintenance.yml.tmpl b/templates/new_service/maintenance_page/manifests/maintenance/deployment_maintenance.yml.tmpl
index 96155e65..bac9cb73 100644
--- a/templates/new_service/maintenance_page/manifests/maintenance/deployment_maintenance.yml.tmpl
+++ b/templates/new_service/maintenance_page/manifests/maintenance/deployment_maintenance.yml.tmpl
@@ -20,6 +20,9 @@ spec:
 containers:
 - name: #SERVICE_NAME#-maintenance
 image: #DOCKER_REPOSITORY#-maintenance:#MAINTENANCE_IMAGE_TAG#
+ securityContext:
+ allowPrivilegeEscalation: false
+ runAsNonRoot: true
 ports:
 - containerPort: 8080
 resources:
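Review bot: The new securityContext still leaves the container with the runtime's default Linux capability set and no seccomp profile, so the hardening stops short of what the two added keys imply; `capabilities: drop: [ALL]` and `seccompProfile: type: RuntimeDefault` belong alongside them, as in the fence below. runAsNonRoot: true is enforced only at container start, so the image referenced by #MAINTENANCE_IMAGE_TAG# must declare a non-root USER (or the spec must set runAsUser explicitly), otherwise the pod stays in CreateContainerConfigError; that cannot be verified from this hunk because the image is templated. readOnlyRootFilesystem: true is also worth trialling, but a static web-server image usually needs a writable emptyDir for its cache and pid paths, so it is left out of the fence rather than asserted blindly. The enclosing pod spec starts before the hunk and continues after the resources: line.
```yaml
        securityContext:
          allowPrivilegeEscalation: false
          runAsNonRoot: true
          capabilities:
            drop:
              - ALL
          seccompProfile:
            type: RuntimeDefault
        # … unchanged: ports and resources …
```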