From 3c9a752f3137d13b67241da1317eb56a84804478 Mon Sep 17 00:00:00 2001
From: John Gardiner Myers
Date: Wed, 7 Apr 2021 21:36:03 -0700
Subject: [PATCH 1/2] Update example to latest release
---
 resources/deployment.yaml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/resources/deployment.yaml b/resources/deployment.yaml
index 10abcb71..6dee5e57 100644
--- a/resources/deployment.yaml
+++ b/resources/deployment.yaml
@@ -19,7 +19,7 @@ spec:
 serviceAccountName: kapprover
 containers:
 - name: tls-approver
- image: proofpoint/kapprover:0.7.0
+ image: proofpoint/kapprover:v0.14.0
 imagePullPolicy: Always
 ports:
 - containerPort: 8081
From 7ce57e6b038b868bbf9951ad500f6d358d7dbbf6 Mon Sep 17 00:00:00 2001
From: John Gardiner Myers
Date: Wed, 7 Apr 2021 21:37:24 -0700
Subject: [PATCH 2/2] Add securityContext
---
 resources/deployment.yaml | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/resources/deployment.yaml b/resources/deployment.yaml
index 6dee5e57..bd10779c 100644
--- a/resources/deployment.yaml
+++ b/resources/deployment.yaml
@@ -20,7 +20,6 @@ spec:
 containers:
 - name: tls-approver
 image: proofpoint/kapprover:v0.14.0
- imagePullPolicy: Always
 ports:
 - containerPort: 8081
 protocol: TCP
@@ -40,3 +39,9 @@ spec:
 limits:
 cpu: 100m
 memory: 50Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - all
+ runAsNonRoot: true
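Review bot: The capability drop in the added `securityContext` is written as lowercase `all`, while the Kubernetes API documentation and the Pod Security Standards restricted profile spell the value `ALL`; a policy check that matches the string exactly may not count this container as dropping every capability, so `- ALL` is the safer spelling. `runAsNonRoot: true` is set without `runAsUser`, so the kubelet will refuse to start the container unless the `proofpoint/kapprover:v0.14.0` image declares a numeric non-root user, which this patch does not show; an explicit `runAsUser: <non-root-uid>` would remove that dependency. If the approver does not write to its root filesystem, `readOnlyRootFilesystem: true` would also fit in this block. The container spec that the block belongs to starts above the hunk.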