Specify securityContext for cert-manager (#9404)

In hardened environments, cert-manager pods could not be created
from the corresponding deployments. This adds the securityContext
to solve the issue.
pull/9410/head
Kenichi Omichi 2022-10-20 16:57:08 +09:00 committed by GitHub
parent ccbe38f78c
commit 0374a55eb3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 15 additions and 0 deletions


@ -870,6 +870,11 @@ spec:
fieldPath: metadata.namespace
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ['ALL']
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
{% if cert_manager_tolerations %}
tolerations:
{{ cert_manager_tolerations | to_nice_yaml(indent=2) | indent(width=8) }}
@ -944,6 +949,11 @@ spec:
protocol: TCP
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ['ALL']
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
env:
- name: POD_NAMESPACE
valueFrom:
@ -1040,6 +1050,11 @@ spec:
failureThreshold: 3
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: ['ALL']
runAsNonRoot: true
seccompProfile:
type: RuntimeDefault
env:
- name: POD_NAMESPACE
valueFrom:
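Review bot: The first block (between `fieldPath: metadata.namespace` and the `tolerations:` stanza in the -870 hunk) loses its indentation on this page, so it is not visible whether it is indented under the container or under the pod spec; `allowPrivilegeEscalation` and `capabilities` exist only on the container-level SecurityContext, and a pod-level `securityContext` carrying them is rejected by the API server (or silently dropped by clients that prune unknown fields), so please confirm it sits at container level like the two blocks that precede `env:` in the other hunks. The same four settings are repeated three times; in this Jinja template one variable rendered with `to_nice_yaml` would keep them in step, and a comment such as `# container hardening, presumably aligned with the "restricted" Pod Security Standard` above each block would record why they are set. `runAsNonRoot: true` without `runAsUser` relies on each cert-manager image declaring a numeric non-root USER, so a mirrored or rebuilt image that runs as root will fail at container start rather than at apply time. The Deployment specs these blocks belong to start outside the hunks.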