From db9b2d02459bbf7ccf65e6f1d763db02b79f3aa6 Mon Sep 17 00:00:00 2001
From: Hugo CAMPION <hugosxm@gmail.com>
Date: Tue, 3 Mar 2026 01:22:28 +0100
Subject: [PATCH] Chore: add security context, liveness probe and config mount
 to k8s deployment example (#6375)

Signed-off-by: CAMPION Hugo <h.campion@geco-it.fr>
Co-authored-by: shamoon <4887959+shamoon@users.noreply.github.com>
---
 docs/installation/k8s.md | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/docs/installation/k8s.md b/docs/installation/k8s.md
index 172b9b295..010a8749e 100644
--- a/docs/installation/k8s.md
+++ b/docs/installation/k8s.md
@@ -223,13 +223,33 @@ spec:
         - name: homepage
           image: "ghcr.io/gethomepage/homepage:latest"
           imagePullPolicy: Always
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              drop:
+                - ALL
+            runAsNonRoot: true
+            runAsUser: 1000
+            runAsGroup: 1000
+            seccompProfile:
+              type: RuntimeDefault
           env:
+            - name: MY_POD_IP
+              valueFrom:
+                fieldRef:
+                  fieldPath: status.podIP
             - name: HOMEPAGE_ALLOWED_HOSTS
-              value: gethomepage.dev # required, may need port. See gethomepage.dev/installation/#homepage_allowed_hosts
+              value: "$(MY_POD_IP):3000,gethomepage.dev" # See gethomepage.dev/installation/#homepage_allowed_hosts . Value before the comma is required for the k8s probe
           ports:
             - name: http
               containerPort: 3000
               protocol: TCP
+          livenessProbe:
+            httpGet:
+              path: /api/healthcheck
+              port: http
+            initialDelaySeconds: 5
+            periodSeconds: 15
           volumeMounts:
             - mountPath: /app/config/custom.js
               name: homepage-config