add seccomp of RuntimeDefault on mcad manager pod (#165)

dgrove-oss · web-flow · commit e91808944500 · 2024-05-06T16:44:01.000-04:00
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -45,13 +45,8 @@ spec:
       #               - linux
       securityContext:
         runAsNonRoot: true
-        # TODO(user): For common cases that do not require escalating privileges
-        # it is recommended to ensure that all your Pods/Containers are restrictive.
-        # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
-        # Please uncomment the following code if your project does NOT have to work on old Kubernetes
-        # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
-        # seccompProfile:
-        #   type: RuntimeDefault
+        seccompProfile:
+          type: RuntimeDefault
       containers:
       - command:
         - /manager
diff --git a/deployment/mcad-controller/templates/manager/deployment.yaml b/deployment/mcad-controller/templates/manager/deployment.yaml
@@ -16,6 +16,8 @@ spec:
     spec:
       securityContext:
         runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
       serviceAccountName: {{ .Values.serviceAccount }}
       terminationGracePeriodSeconds: 10
       priorityClassName: system-node-critical
@@ -99,6 +101,8 @@ spec:
     spec:
       securityContext:
         runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
       serviceAccountName: {{ .Values.serviceAccount }}
       terminationGracePeriodSeconds: 10
       priorityClassName: system-node-critical
