chore: Implemented restricted Pod Security Standard (#593)

- Updated controller deployment to install when Pod Security Admission is configured with restricted Pod Security Standard Signed-off-by: Rashed Kamal <[email protected]>
vmware-tanzu · Oct 23, 2023 · ec445b9 · ec445b9
1 parent 7a3a919
commit ec445b9
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 2 deletions.
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -42,9 +42,11 @@ spec:
           allowPrivilegeEscalation: false
           readOnlyRootFilesystem: true
           runAsNonRoot: true
+          seccompProfile:
+              type: RuntimeDefault
           capabilities:
             drop:
-            - all
+            - ALL
       volumes:
       - name: cache-volume
         emptyDir: {}

diff --git a/dist/cartographer-conventions.yaml b/dist/cartographer-conventions.yaml
@@ -7024,9 +7024,11 @@ spec:
           allowPrivilegeEscalation: false
           capabilities:
             drop:
-            - all
+            - ALL
           readOnlyRootFilesystem: true
           runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
         volumeMounts:
         - mountPath: /tmp/k8s-webhook-server/serving-certs
           name: cert