From 9359eb42d07c8c7b7f7326668fd0a46f7c31e000 Mon Sep 17 00:00:00 2001
From: "iacbot-demo[bot]" <82255952+iacbot-demo[bot]@users.noreply.github.com>
Date: Fri, 13 Jan 2023 13:56:37 +0000
Subject: [PATCH] Lacework IaC Security fix

---
 .../hello-deployment/deployment.yaml          | 38 ++++++++++---------
 1 file changed, 20 insertions(+), 18 deletions(-)

diff --git a/kubernetes/deployments/hello-deployment/deployment.yaml b/kubernetes/deployments/hello-deployment/deployment.yaml
index 691c545..95aa1d6 100644
--- a/kubernetes/deployments/hello-deployment/deployment.yaml
+++ b/kubernetes/deployments/hello-deployment/deployment.yaml
@@ -1,22 +1,24 @@
 apiVersion: apps/v1
 kind: Deployment
 metadata:
-  name: helloweb
-  labels:
-    app: hello
-spec:
-  selector:
-    matchLabels:
-      app: hello
-      tier: web
-  template:
-    metadata:
-      labels:
+    name: helloweb
+    labels:
         app: hello
-        tier: web
-    spec:
-      containers:
-      - name: hello-app
-        image: gcr.io/google-samples/hello-app:1.0
-        ports:
-        - containerPort: 8080
+spec:
+    selector:
+        matchLabels:
+            app: hello
+            tier: web
+    template:
+        metadata:
+            labels:
+                app: hello
+                tier: web
+        spec:
+            containers:
+                - name: hello-app
+                  image: gcr.io/google-samples/hello-app:1.0
+                  ports:
+                    - containerPort: 8080
+                  securityContext:
+                    allowPrivilegeEscalation: false