feat: Add security context

manifests/deployment.yaml

@@ -18,12 +18,17 @@ spec:
         kubectl.kubernetes.io/default-container: lldap-controller
     spec:
       serviceAccountName: lldap-controller
-      securityContext: {}
+      securityContext:
+        runAsNonRoot: true
+        runAsUser: 1000
+        runAsGroup: 1000
+        fsGroup: 1000
+        seccompProfile:
+          type: RuntimeDefault
       containers:
         - name: lldap-controller
           image: '{{ index .images "lldap-controller" }}'
           imagePullPolicy: IfNotPresent
-          securityContext: {}
           resources:
             limits:
               cpu: 200m
@@ -43,9 +48,15 @@ spec:
             - name: LLDAP_USERNAME
               value: admin
             - name: LLDAP_PASSWORD_FILE
-              value: /secrets/credentials/lldap-ldap-user-pass
+              value: /secrets/credentials/admin-pass
             - name: LLDAP_BIND_DN
               value: uid={username},ou=people,dc=huizinga,dc=dev
+          securityContext:
+            allowPrivilegeEscalation: false
+            runAsNonRoot: true
+            capabilities:
+              drop:
+                - ALL
       volumes:
         - name: credentials
           secret: