chore: Remove ./ from kustomization for consistency

feat: Create namespace and set it explicitly
2025-12-23 00:50:22 +01:00 · 2025-12-23 00:49:55 +01:00
6 changed files with 27 additions and 8 deletions
--- a/manifests/cluster-role-binding.yaml
+++ b/manifests/cluster-role-binding.yaml
@@ -2,6 +2,7 @@ kind: ClusterRoleBinding
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: authelia-controller
+  namespace: authelia
 subjects:
  - kind: ServiceAccount
    name: authelia-controller
--- a/manifests/cluster-role.yaml
+++ b/manifests/cluster-role.yaml
@@ -2,6 +2,7 @@ kind: ClusterRole
 apiVersion: rbac.authorization.k8s.io/v1
 metadata:
  name: authelia-controller
+  namespace: authelia
 rules:
  - apiGroups:
      - authelia.huizinga.dev
--- a/manifests/deployment.yaml
+++ b/manifests/deployment.yaml
@@ -2,6 +2,7 @@ apiVersion: apps/v1
 kind: Deployment
 metadata:
  name: authelia-controller
+  namespace: authelia
  labels:
    app: authelia-controller
    app.kubernetes.io/name: authelia-controller
@@ -18,12 +19,17 @@ spec:
        kubectl.kubernetes.io/default-container: authelia-controller
    spec:
      serviceAccountName: authelia-controller
-      securityContext: {}
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+        seccompProfile:
+          type: RuntimeDefault
      containers:
        - name: authelia-controller
          image: '{{ index .images "authelia-controller" }}'
          imagePullPolicy: IfNotPresent
-          securityContext: {}
          resources:
            limits:
              cpu: 200m
@@ -34,3 +40,9 @@ spec:
          env:
            - name: RUST_LOG
              value: info,authelia_controller=debug
+          securityContext:
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+            capabilities:
+              drop:
+                - ALL
--- a/manifests/kustomization.yaml
+++ b/manifests/kustomization.yaml
@@ -1,9 +1,9 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-namespace: authelia
 resources:
-  - ./crds.yaml
-  - ./service-account.yaml
-  - ./cluster-role.yaml
-  - ./cluster-role-binding.yaml
-  - ./deployment.yaml
+  - namespace.yaml
+  - crds.yaml
+  - service-account.yaml
+  - cluster-role.yaml
+  - cluster-role-binding.yaml
+  - deployment.yaml
--- a/manifests/namespace.yaml
+++ b/manifests/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: authelia
--- a/manifests/service-account.yaml
+++ b/manifests/service-account.yaml
@@ -2,6 +2,7 @@ apiVersion: v1
 kind: ServiceAccount
 metadata:
  name: authelia-controller
+  namespace: authelia
  labels:
    app: authelia-controller
    app.kubernetes.io/name: authelia-controller
Author	SHA1	Message	Date
Dreaded_X	f2d3e58948	chore: Remove ./ from kustomization for consistency All checks were successful Build and deploy / build (push) Successful in 11m27s Details	2025-12-23 00:50:22 +01:00
Dreaded_X	b75561f589	feat: Create namespace and set it explicitly	2025-12-23 00:49:55 +01:00