Apply PSA changes

Drop all capabilites and add seccompProfile to comply with PSA changes from K8s v1.25
medik8s · May 9, 2023 · cf3b12c · cf3b12c
1 parent 933d5fe
commit cf3b12c
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/bundle/manifests/fence-agents-remediation.clusterserviceversion.yaml b/bundle/manifests/fence-agents-remediation.clusterserviceversion.yaml
@@ -249,8 +249,13 @@ spec:
                     memory: 64Mi
                 securityContext:
                   allowPrivilegeEscalation: false
+                  capabilities:
+                    drop:
+                    - ALL
               securityContext:
                 runAsNonRoot: true
+                seccompProfile:
+                  type: RuntimeDefault
               serviceAccountName: fence-agents-remediation-controller-manager
               terminationGracePeriodSeconds: 10
       permissions:

diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -25,6 +25,8 @@ spec:
         control-plane: controller-manager
     spec:
       securityContext:
+        seccompProfile:
+          type: RuntimeDefault
         runAsNonRoot: true
       containers:
       - command:
@@ -40,6 +42,9 @@ spec:
                 fieldPath: metadata.namespace
         securityContext:
           allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
         livenessProbe:
           httpGet:
             path: /healthz