diff --git a/roles/download/defaults/main.yml b/roles/download/defaults/main.yml index 978a9fca9..34558f474 100644 --- a/roles/download/defaults/main.yml +++ b/roles/download/defaults/main.yml @@ -1044,7 +1044,7 @@ gcp_pd_csi_resizer_image_tag: "v0.4.0-gke.0" gcp_pd_csi_registrar_image_tag: "v1.2.0-gke.0" dashboard_image_repo: "{{ docker_image_repo }}/kubernetesui/dashboard-{{ image_arch }}" -dashboard_image_tag: "v2.6.1" +dashboard_image_tag: "v2.7.0" dashboard_metrics_scraper_repo: "{{ docker_image_repo }}/kubernetesui/metrics-scraper" dashboard_metrics_scraper_tag: "v1.0.8" diff --git a/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2 b/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2 index d75b2cd08..b0c341926 100644 --- a/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2 +++ b/roles/kubernetes-apps/ansible/templates/dashboard.yml.j2 @@ -163,6 +163,9 @@ spec: labels: k8s-app: kubernetes-dashboard spec: + securityContext: + seccompProfile: + type: RuntimeDefault priorityClassName: system-cluster-critical containers: - name: kubernetes-dashboard @@ -208,6 +211,11 @@ spec: port: 8443 initialDelaySeconds: 30 timeoutSeconds: 30 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 1001 + runAsGroup: 2001 volumes: - name: kubernetes-dashboard-certs secret: @@ -293,6 +301,9 @@ spec: labels: k8s-app: kubernetes-metrics-scraper spec: + securityContext: + seccompProfile: + type: RuntimeDefault priorityClassName: system-cluster-critical containers: - name: kubernetes-metrics-scraper @@ -307,6 +318,11 @@ spec: port: 8000 initialDelaySeconds: 30 timeoutSeconds: 30 + securityContext: + allowPrivilegeEscalation: false + readOnlyRootFilesystem: true + runAsUser: 1001 + runAsGroup: 2001 volumeMounts: - mountPath: /tmp name: tmp-volume