
fix(manifests): Revert PSS changes in manifests #11487

Closed
10 changes: 0 additions & 10 deletions manifests/kustomize/base/cache/cache-deployment.yaml
@@ -16,16 +16,6 @@ spec:
spec:
containers:
- name: server
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 0
capabilities:
drop:
- ALL
image: gcr.io/ml-pipeline/cache-server:dummy
env:
- name: DEFAULT_CACHE_STALENESS
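Review bot: Deleting the whole `securityContext` from the `server` container here, and the same ten-line block in the other deployments on this page (minio and mysql included), removes every hardening setting at once, while the page does not say which setting caused the problem being reverted. If the breakage came from the fixed `runAsUser: 1000` / `runAsGroup: 0` (an assumption to confirm), a narrower revert could drop only those lines and keep `allowPrivilegeEscalation: false` and `seccompProfile.type: RuntimeDefault`, with `capabilities.drop: [ALL]` tested per image. Without these fields the pods no longer meet the `restricted` Pod Security Standard and would be rejected in a namespace that enforces it. That trade-off deserves a line in the PR description or a comment in each manifest, for example `# securityContext removed temporarily: <reason>, restore once <condition>`. The container spec continues outside the hunk.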
@@ -24,13 +24,3 @@ spec:
containerPort: 9090
- name: envoy-admin
containerPort: 9901
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 0
capabilities:
drop:
- ALL
@@ -23,16 +23,6 @@ spec:
# * manifests/kustomize/base/metadata/base/metadata-grpc-deployment.yaml
# * test/tag_for_hosted.sh
image: gcr.io/tfx-oss-public/ml_metadata_store_server:1.14.0
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 0
capabilities:
drop:
- ALL
env:
- name: DBCONFIG_USER
valueFrom:
@@ -22,14 +22,4 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 0
capabilities:
drop:
- ALL
serviceAccountName: kubeflow-pipelines-metadata-writer
@@ -156,16 +156,6 @@ spec:
failureThreshold: 12
periodSeconds: 5
timeoutSeconds: 2
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 0
capabilities:
drop:
- ALL
resources:
requests:
cpu: 250m
@@ -37,16 +37,6 @@ spec:
volumeMounts:
- mountPath: /var/run/secrets/kubeflow/tokens
name: persistenceagent-sa-token
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 0
capabilities:
drop:
- ALL
serviceAccountName: ml-pipeline-persistenceagent
volumes:
- name: persistenceagent-sa-token
@@ -31,14 +31,4 @@ spec:
configMapKeyRef:
name: pipeline-install-config
key: cronScheduleTimezone
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 0
capabilities:
drop:
- ALL
serviceAccountName: ml-pipeline-scheduledworkflow
10 changes: 0 additions & 10 deletions manifests/kustomize/base/pipeline/ml-pipeline-ui-deployment.yaml
@@ -29,16 +29,6 @@ spec:
- name: config-volume
mountPath: /etc/config
readOnly: true
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 0
capabilities:
drop:
- ALL
env:
- name: VIEWER_TENSORBOARD_POD_TEMPLATE_SPEC_PATH
value: /etc/config/viewer-pod-template.json
@@ -26,14 +26,4 @@ spec:
valueFrom:
fieldRef:
fieldPath: metadata.namespace
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 0
capabilities:
drop:
- ALL
serviceAccountName: ml-pipeline-viewer-crd-service-account
@@ -46,16 +46,6 @@ spec:
initialDelaySeconds: 3
periodSeconds: 5
timeoutSeconds: 2
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 0
capabilities:
drop:
- ALL
resources:
requests:
cpu: 30m
@@ -13,10 +13,6 @@ spec:
- workflow-controller-configmap
- --executor-image
- gcr.io/ml-pipeline/argoexec:v3.4.17-license-compliance
securityContext:
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
resources:
requests:
cpu: 100m
@@ -30,8 +30,6 @@ spec:
- --zap-log-level=4
- '--discovery-interval=3600s' # less insane than 10 seconds
securityContext:
seccompProfile:
type: RuntimeDefault
capabilities:
drop:
- ALL
10 changes: 0 additions & 10 deletions manifests/kustomize/third-party/minio/base/minio-deployment.yaml
@@ -34,16 +34,6 @@ spec:
name: minio
ports:
- containerPort: 9000
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 0
capabilities:
drop:
- ALL
volumeMounts:
- mountPath: /data
name: data
10 changes: 0 additions & 10 deletions manifests/kustomize/third-party/mysql/base/mysql-deployment.yaml
@@ -53,16 +53,6 @@ spec:
ports:
- containerPort: 3306
name: mysql
securityContext:
allowPrivilegeEscalation: false
seccompProfile:
type: RuntimeDefault
runAsNonRoot: true
runAsUser: 1000
runAsGroup: 0
capabilities:
drop:
- ALL
volumeMounts:
- mountPath: /var/lib/mysql
name: mysql-persistent-storage