Chore: add security context, liveness probe and config mount to k8s deployment example (#6375)

Signed-off-by: CAMPION Hugo <h.campion@geco-it.fr> Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com>
2026-03-03 23:50:29 -05:00 · 2026-03-03 01:22:28 +01:00 · 2026-03-03 01:22:28 +01:00 · db9b2d0245
commit db9b2d0245
parent 51d718a21a
1 changed files with 21 additions and 1 deletions
--- a/docs/installation/k8s.md
+++ b/docs/installation/k8s.md
@ -223,13 +223,33 @@ spec:
        - name: homepage
          image: "ghcr.io/gethomepage/homepage:latest"
          imagePullPolicy: Always
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            runAsNonRoot: true
+            runAsUser: 1000
+            runAsGroup: 1000
+            seccompProfile:
+              type: RuntimeDefault
          env:
+            - name: MY_POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
            - name: HOMEPAGE_ALLOWED_HOSTS
-              value: gethomepage.dev # required, may need port. See gethomepage.dev/installation/#homepage_allowed_hosts
+              value: "$(MY_POD_IP):3000,gethomepage.dev" # See gethomepage.dev/installation/#homepage_allowed_hosts . Value before the comma is required for the k8s probe
          ports:
            - name: http
              containerPort: 3000
              protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /api/healthcheck
+              port: http
+            initialDelaySeconds: 5
+            periodSeconds: 15
          volumeMounts:
            - mountPath: /app/config/custom.js
              name: homepage-config