add seccomp of RuntimeDefault on mcad manager pod

project-codeflare · May 6, 2024 · dc0ad47 · dc0ad47
1 parent cb8836d
commit dc0ad47
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 7 deletions.
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -45,13 +45,8 @@ spec:
       #               - linux
       securityContext:
         runAsNonRoot: true
-        # TODO(user): For common cases that do not require escalating privileges
-        # it is recommended to ensure that all your Pods/Containers are restrictive.
-        # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
-        # Please uncomment the following code if your project does NOT have to work on old Kubernetes
-        # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
-        # seccompProfile:
-        #   type: RuntimeDefault
+        seccompProfile:
+          type: RuntimeDefault
       containers:
       - command:
         - /manager

diff --git a/deployment/mcad-controller/templates/manager/deployment.yaml b/deployment/mcad-controller/templates/manager/deployment.yaml
@@ -16,6 +16,8 @@ spec:
     spec:
       securityContext:
         runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
       serviceAccountName: {{ .Values.serviceAccount }}
       terminationGracePeriodSeconds: 10
       priorityClassName: system-node-critical
@@ -99,6 +101,8 @@ spec:
     spec:
       securityContext:
         runAsNonRoot: true
+        seccompProfile:
+          type: RuntimeDefault
       serviceAccountName: {{ .Values.serviceAccount }}
       terminationGracePeriodSeconds: 10
       priorityClassName: system-node-critical