fix

2023-07-26 22:33:11 +02:00
parent d0e39cbff2
commit d59d177ba8
2 changed files with 37 additions and 33 deletions
--- a/apps/code-server/deploy.tf
+++ b/apps/code-server/deploy.tf
@@ -15,6 +15,9 @@ resource "kubectl_manifest" "deploy" {
      template:
        metadata:
          labels: ${jsonencode(local.common-labels)}
+          annotations:
+            container.apparmor.security.beta.kubernetes.io/code-server: unconfined
+            container.seccomp.security.alpha.kubernetes.io/code-server: unconfined
        spec:
          securityContext:
            fsGroup: 1000
@@ -33,6 +36,7 @@ resource "kubectl_manifest" "deploy" {
              runAsNonRoot: true
              runAsUser: 1000
              privileged: true
+              procMount: unmasked
            env:
            - name: USER
              value: coder