All checks were successful
Build Container / build (push) Successful in 28s

Instead of running as root, create a dedicated navidrome user (UID 1000) in the container and use Kubernetes fsGroup to ensure PVC volumes are writable. This provides defense-in-depth against container escape attacks.

- Dockerfile: add navidrome user/group (1000), set USER 1000
- Deployment: add pod securityContext (fsGroup, runAsUser, runAsGroup)
- Deployment: add container securityContext (runAsNonRoot, no privilege escalation)
- Bump image to v1.0.3 (v1.0.2 was built without these changes)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

| | | |
|---|---|---|
| .. | ||
| changelog.d | ||
| explanation | ||
| how-to | ||
| reference | ||
| tutorials | ||
| index.md | ||
| quartz.config.ts | ||
| quartz.layout.ts | ||