diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/postgres-exporter/argocd-apps-postgres-exporter-secret.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/postgres-exporter/argocd-apps-postgres-exporter-secret.yaml index 1651271..d18ce6d 100644 --- a/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/postgres-exporter/argocd-apps-postgres-exporter-secret.yaml +++ b/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/postgres-exporter/argocd-apps-postgres-exporter-secret.yaml @@ -11,9 +11,6 @@ metadata: vault.security.banzaicloud.io/vault-role: "cloud-prod" vault.security.banzaicloud.io/vault-skip-verify: "false" vault.security.banzaicloud.io/vault-path: "avroid-office" - vault.security.banzaicloud.io/run-as-non-root: "true" - vault.security.banzaicloud.io/run-as-user: "1001" - vault.security.banzaicloud.io/run-as-group: "1001" type: Opaque data: username: dmF1bHQ6dGVhbS1kZXZvcHMvZGF0YS9zZXJ2aWNlcy9tb25pdG9yaW5nL2s4cy9jbG91ZC1wcm9kL3Bvc3RncmVzLWV4cG9ydGVyI3VzZXJuYW1lCg== diff --git a/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/postgres-exporter/values-override.yaml b/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/postgres-exporter/values-override.yaml index 30434a7..d770eb8 100644 --- a/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/postgres-exporter/values-override.yaml +++ b/clusters/k8s-avroid-office.prod.local/namespaces/cloud-prod/monitoring/postgres-exporter/values-override.yaml @@ -57,6 +57,7 @@ annotations: vault.security.banzaicloud.io/run-as-non-root: "true" vault.security.banzaicloud.io/run-as-user: "1001" vault.security.banzaicloud.io/run-as-group: "1001" + vault.security.banzaicloud.io/readonly-root-fs: "true" # Labels and annotations to attach to the deployment resource deployment: @@ -68,3 +69,4 @@ deployment: vault.security.banzaicloud.io/run-as-non-root: "true" vault.security.banzaicloud.io/run-as-user: "1001" vault.security.banzaicloud.io/run-as-group: "1001" + vault.security.banzaicloud.io/readonly-root-fs: "true"