diff --git a/manifests/base/argo-rollouts-deployment.yaml b/manifests/base/argo-rollouts-deployment.yaml index 57f4b516a0..046a1a0bba 100644 --- a/manifests/base/argo-rollouts-deployment.yaml +++ b/manifests/base/argo-rollouts-deployment.yaml @@ -44,6 +44,14 @@ spec: failureThreshold: 3 successThreshold: 1 timeoutSeconds: 4 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault securityContext: runAsNonRoot: true strategy: diff --git a/manifests/install.yaml b/manifests/install.yaml index 99f2e34a3b..444be4cf4a 100755 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -16051,6 +16051,14 @@ spec: periodSeconds: 5 successThreshold: 1 timeoutSeconds: 4 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault securityContext: runAsNonRoot: true serviceAccountName: argo-rollouts diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index 08637705cb..0a7adf80ed 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -413,6 +413,14 @@ spec: periodSeconds: 5 successThreshold: 1 timeoutSeconds: 4 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault securityContext: runAsNonRoot: true serviceAccountName: argo-rollouts