update examples

2025-04-18 02:06:52 +00:00 · 2019-06-24 18:51:11 -07:00 · 2019-06-24 18:51:11 -07:00 · 82d0cdb07e
commit 82d0cdb07e
parent 4d6f07c34a
3 changed files with 46 additions and 28 deletions
--- a/examples/demo/security_context/busybox.yaml
+++ b/examples/demo/security_context/busybox.yaml
@ -1,26 +0,0 @@
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-  name: psp-demo
-  labels:
-    app.type: prod
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      app: psp
-  template:
-    metadata:
-      labels:
-        app: psp
-    spec:
-      volumes:
-      - name: sec-ctx-vol
-        emptyDir: {}
-      containers:
-      - name: sec-ctx-demo
-        image: busybox
-        command: [ "sh", "-c", "sleep 1h" ]
-        volumeMounts:
-        - name: sec-ctx-vol
-          mountPath: /data/demo
--- a/examples/demo/security_context/nginx.yaml
+++ b/examples/demo/security_context/nginx.yaml
@ -0,0 +1,45 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: psp-demo
+  labels:
+    app.type: prod
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: psp
+  template:
+    metadata:
+      labels:
+        app: psp
+    spec:
+      containers:
+      - name: sec-ctx
+        image: nginx
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: psp-demo-unprivileged
+  labels:
+    app.type: prod
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: psp
+  template:
+    metadata:
+      labels:
+        app: psp
+    spec:
+      volumes:
+      - name: sec-ctx-vol
+        emptyDir: {}
+      containers:
+      - name: sec-ctx-unprivileged
+        image: nginxinc/nginx-unprivileged
+        volumeMounts:
+        - name: sec-ctx-vol
+          mountPath: /data/demo
--- a/examples/demo/security_context/policy.yaml
+++ b/examples/demo/security_context/policy.yaml
@ -17,5 +17,4 @@ spec:
          template:
            spec:
              securityContext:
-                runAsUser: 1000
-                fsGroup: 2000
+                runAsNonRoot: true