refactor: migrate Kubernetes resources to modern API and security standards

appleboy · appleboy · commit 1bd87dc4c285 · 2025-11-06T11:54:19.000+08:00
- Update Ingress resource to use networking.k8s.io/v1 API version and new service field syntax
- Add securityContext to gorush and redis deployments to enhance container security

Signed-off-by: Bo-Yi Wu &lt;appleboy.tw@gmail.com&gt;
diff --git a/k8s/gorush-aws-alb-ingress.yaml b/k8s/gorush-aws-alb-ingress.yaml
@@ -1,4 +1,4 @@
-apiVersion: extensions/v1beta1
+apiVersion: networking.k8s.io/v1
 kind: Ingress
 metadata:
   name: gorush
@@ -15,6 +15,9 @@ spec:
       http:
         paths:
           - path: /
+            pathType: Prefix
             backend:
-              serviceName: gorush
-              servicePort: 8088
+              service:
+                name: gorush
+                port:
+                  number: 8088
diff --git a/k8s/gorush-deployment.yaml b/k8s/gorush-deployment.yaml
@@ -21,6 +21,14 @@ spec:
           imagePullPolicy: Always
           ports:
             - containerPort: 8088
+          securityContext:
+            capabilities:
+              drop:
+                - ALL
+            runAsNonRoot: true
+            runAsUser: 1000
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: false
           resources:
             requests:
               cpu: "250m"
diff --git a/k8s/gorush-redis-deployment.yaml b/k8s/gorush-redis-deployment.yaml
@@ -22,6 +22,14 @@ spec:
           image: redis:7
           ports:
             - containerPort: 6379
+          securityContext:
+            capabilities:
+              drop:
+                - ALL
+            runAsNonRoot: true
+            runAsUser: 999
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: false
           resources:
             requests:
               cpu: "250m"
