Merge pull request kubernetes-sigs#1240 from jcpunk/pss-restricted

Permit running under PodSecurity restricted
platform9 · Apr 11, 2023 · 4c8cd70 · 4c8cd70
2 parents c1fbc9e + 2d8d46c
commit 4c8cd70
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/charts/metrics-server/values.yaml b/charts/metrics-server/values.yaml
@@ -56,6 +56,11 @@ securityContext:
   readOnlyRootFilesystem: true
   runAsNonRoot: true
   runAsUser: 1000
+  seccompProfile:
+    type: RuntimeDefault
+  capabilities:
+    drop:
+      - ALL
 
 priorityClassName: system-cluster-critical
 

diff --git a/manifests/base/deployment.yaml b/manifests/base/deployment.yaml
@@ -54,6 +54,11 @@ spec:
           runAsNonRoot: true
           runAsUser: 1000
           allowPrivilegeEscalation: false
+          seccompProfile:
+            type: RuntimeDefault
+          capabilities:
+            drop:
+              - ALL
         volumeMounts:
         - name: tmp-dir
           mountPath: /tmp