UPDATE - user hostPath vol for traefik log

playbooks/templates/values.yml.j2

@@ -49,7 +49,9 @@ deployment:
         mountPath: /usr/share/filebeat/filebeat.yml
         subPath: filebeat.yml 
     securityContext:
-      runAsUser: 0
+      runAsGroup: 65532
+      runAsNonRoot: true
+      runAsUser: 65532
   
   # initContainers:
   # - name: accesslogs
@@ -118,24 +120,24 @@ ports:
 # The attack surface can further limited with "seccomp" which is stable since
 # Kubernetes v1.19 and allows to limit system calls to a bare minimum. See:
 # https://kubernetes.io/docs/tutorials/clusters/seccomp/"
-# securityContext:
-#   capabilities:
-#     drop:
-#       - ALL
-#   readOnlyRootFilesystem: true
-#   runAsGroup: 65532
-#   runAsNonRoot: true
-#   runAsUser: 65532
-
 securityContext:
   capabilities:
-    add:
+    drop:
       - ALL
-  readOnlyRootFilesystem: false
+  readOnlyRootFilesystem: true
   runAsGroup: 65532
-  runAsNonRoot: false
+  runAsNonRoot: true
   runAsUser: 65532
 
+# securityContext:
+#   capabilities:
+#     add:
+#       - ALL
+#   readOnlyRootFilesystem: false
+#   runAsGroup: 65532
+#   runAsNonRoot: false
+#   runAsUser: 65532
+
 # All processes of the container are also part of this supplementary group ID.
 podSecurityContext:
   fsGroup: 65532