Update main.tf - 4.10.1 + runAsNonRoot

mathieu-benoit · web-flow · commit 3ef44df12d5a · 2024-06-20T19:31:29.000-04:00
diff --git a/modules/base/main.tf b/modules/base/main.tf
@@ -171,7 +171,7 @@ resource "helm_release" "ingress_nginx" {
   repository       = "https://kubernetes.github.io/ingress-nginx"
 
   chart   = "ingress-nginx"
-  version = "4.10.0"
+  version = "4.10.1"
   wait    = true
   timeout = 600
 
@@ -187,5 +187,40 @@ resource "helm_release" "ingress_nginx" {
     value = var.ingress_nginx_min_unavailable
   }
 
+  set {
+    name  = "controller.containerSecurityContext.runAsUser"
+    value = 101
+  }
+
+  set {
+    name  = "controller.containerSecurityContext.runAsGroup"
+    value = 101
+  }
+
+  set {
+    name  = "controller.containerSecurityContext.allowPrivilegeEscalation"
+    value = false
+  }
+
+  set {
+    name  = "controller.containerSecurityContext.readOnlyRootFilesystem"
+    value = false
+  }
+
+  set {
+    name  = "controller.containerSecurityContext.runAsNonRoot"
+    value = true
+  }
+
+  set_list {
+    name  = "controller.containerSecurityContext.capabilities.drop"
+    value = ["ALL"]
+  }
+
+  set_list {
+    name  = "controller.containerSecurityContext.capabilities.add"
+    value = ["NET_BIND_SERVICE"]
+  }
+
   depends_on = [module.aws_eks.eks_managed_node_groups]
 }
