From 384d5004ebbc9fb5c4d4d7648421a2c5998b4c7d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Luk=C3=A1=C5=A1=20Trkan?=
Date: Sun, 5 Oct 2025 20:44:14 +0200
Subject: [PATCH] feat(infrastructure): automatic deploy
---
 7project/charts/myapp-chart/templates/app-deployment.yaml | 8 ++++++++
 7project/charts/myapp-chart/templates/rabbitmq-queue.yaml | 2 +-
 .../charts/myapp-chart/templates/worker-deployment.yaml | 8 ++++++++
 3 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/7project/charts/myapp-chart/templates/app-deployment.yaml b/7project/charts/myapp-chart/templates/app-deployment.yaml
index aab5cdc..05f6f38 100644
--- a/7project/charts/myapp-chart/templates/app-deployment.yaml
+++ b/7project/charts/myapp-chart/templates/app-deployment.yaml
@@ -13,10 +13,18 @@ spec:
 labels:
 app: {{ .Values.app.name }}
 spec:
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
 containers:
 - name: {{ .Values.app.name }}
 image: "{{- if .Values.image.digest -}}{{ .Values.image.repository }}@{{ .Values.image.digest }}{{- else -}}{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}{{- end -}}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
 ports:
 - containerPort: {{ .Values.app.port }}
 env:
diff --git a/7project/charts/myapp-chart/templates/rabbitmq-queue.yaml b/7project/charts/myapp-chart/templates/rabbitmq-queue.yaml
index 5580496..0f56cfd 100644
--- a/7project/charts/myapp-chart/templates/rabbitmq-queue.yaml
+++ b/7project/charts/myapp-chart/templates/rabbitmq-queue.yaml
@@ -2,7 +2,7 @@
 apiVersion: rabbitmq.com/v1beta1
 kind: Queue
 metadata:
- name: {{ .Values.worker.mailQueueName }}
+ name: {{ .Values.worker.mailQueueName | replace "_" "-" | lower }}
 namespace: {{ .Values.rabbitmq.namespace | default "rabbitmq" }}
 labels:
 app.kubernetes.io/managed-by: Helm
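Review bot: In the app-deployment.yaml hunk the pod-level `securityContext` sets `runAsNonRoot: true` without a `runAsUser`, so the kubelet can only start the container when the image itself declares a numeric non-root user; an image built without one, or with a named user, is refused at container creation. Pinning the identity in the chart, for example `runAsUser: {{ .Values.app.runAsUser }}` (a proposed values key with a numeric default), would keep an image rebuild from breaking an automatic deploy. The same block in the worker-deployment.yaml hunk has the same gap. Because `drop: ["ALL"]` also removes NET_BIND_SERVICE, it is worth confirming that `.Values.app.port` is above 1023, since a lower port may fail to bind depending on the container runtime. The container spec continues past the end of the hunk.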
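Review bot: The new `metadata.name` pipeline in rabbitmq-queue.yaml rewrites only underscores and case, so an empty `worker.mailQueueName` renders `name:` with no value and any other character outside the DNS-1123 set still fails at apply time; the result is also emitted unquoted. I would fail fast and quote it: `name: {{ required "worker.mailQueueName is required" .Values.worker.mailQueueName | replace "_" "-" | lower | quote }}`. The Queue `spec` lies outside the hunk, so please confirm it keeps the unmodified value as the broker queue name. If the broker name were derived from the rewritten object name, the worker, which presumably still reads `mailQueueName` as-is, would consume from a different queue than the one declared.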
diff --git a/7project/charts/myapp-chart/templates/worker-deployment.yaml b/7project/charts/myapp-chart/templates/worker-deployment.yaml
index ad1ca52..a339129 100644
--- a/7project/charts/myapp-chart/templates/worker-deployment.yaml
+++ b/7project/charts/myapp-chart/templates/worker-deployment.yaml
@@ -13,10 +13,18 @@ spec:
 labels:
 app: {{ printf "%s-worker" .Values.app.name }}
 spec:
+ securityContext:
+ runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
 containers:
 - name: {{ printf "%s-worker" .Values.app.name }}
 image: "{{- if .Values.image.digest -}}{{ .Values.image.repository }}@{{ .Values.image.digest }}{{- else -}}{{ .Values.image.repository }}:{{ default "latest" .Values.image.tag }}{{- end -}}"
 imagePullPolicy: {{ .Values.image.pullPolicy }}
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop: ["ALL"]
 command:
 - celery
 - -A
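Review bot: The two `securityContext` blocks added to worker-deployment.yaml are a verbatim copy of the ones added to app-deployment.yaml, so a later tightening applied to one Deployment can silently miss the other. Defining the pod-level and container-level settings once as named templates in the chart and pulling them into both Deployments with `include` at the matching indent would keep the two workloads on the same baseline. A short comment above the pod-level block, such as `# Baseline: non-root, default seccomp, no privilege escalation, no capabilities`, would also record why these settings are grouped here. The container spec continues past the end of the hunk.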