Specify securityContext for cert-manager (#9404)
In hardened environments, cert-manager pods could not be created from the corresponding deployments. This adds the securityContext to solve the issue.
parent
ccbe38f78c
commit
0374a55eb3
1 changed files with 15 additions and 0 deletions
|
@ -870,6 +870,11 @@ spec:
|
|||
fieldPath: metadata.namespace
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ['ALL']
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
{% if cert_manager_tolerations %}
|
||||
tolerations:
|
||||
{{ cert_manager_tolerations | to_nice_yaml(indent=2) | indent(width=8) }}
|
||||
|
@ -944,6 +949,11 @@ spec:
|
|||
protocol: TCP
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ['ALL']
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
env:
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
|
@ -1040,6 +1050,11 @@ spec:
|
|||
failureThreshold: 3
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop: ['ALL']
|
||||
runAsNonRoot: true
|
||||
seccompProfile:
|
||||
type: RuntimeDefault
|
||||
env:
|
||||
- name: POD_NAMESPACE
|
||||
valueFrom:
|
||||
|
|
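Review bot: The three added `securityContext` blocks (the hunks at new lines 870, 949 and 1050) set `runAsNonRoot: true` without a `runAsUser`, so pod start depends on each cert-manager image declaring a numeric non-root user. If an image is later replaced by one with a named or root user, the kubelet refuses to start the container, and the failure shows up only at run time, not when the manifest is applied. Either state that assumption in a comment above the first block, e.g. `# relies on the image USER being numeric and non-root`, or pin a UID explicitly. The blocks also leave the root filesystem writable; `readOnlyRootFilesystem: true` is not needed for the restricted Pod Security Standard, but is worth adding once it is confirmed that none of the three containers writes outside mounted volumes. The page has lost the YAML indentation, so the nesting of these fields could not be checked here.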