Specify securityContext for cert-manager (#9404)
In hardened environments, cert-manager pods could not be created from the corresponding deployments. This adds the securityContext to solve the issue.
parent
ccbe38f78c
commit
0374a55eb3
1 changed files with 15 additions and 0 deletions
|
@ -870,6 +870,11 @@ spec:
|
||||||
fieldPath: metadata.namespace
|
fieldPath: metadata.namespace
|
||||||
securityContext:
|
securityContext:
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop: ['ALL']
|
||||||
|
runAsNonRoot: true
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
{% if cert_manager_tolerations %}
|
{% if cert_manager_tolerations %}
|
||||||
tolerations:
|
tolerations:
|
||||||
{{ cert_manager_tolerations | to_nice_yaml(indent=2) | indent(width=8) }}
|
{{ cert_manager_tolerations | to_nice_yaml(indent=2) | indent(width=8) }}
|
||||||
|
@ -944,6 +949,11 @@ spec:
|
||||||
protocol: TCP
|
protocol: TCP
|
||||||
securityContext:
|
securityContext:
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop: ['ALL']
|
||||||
|
runAsNonRoot: true
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
env:
|
env:
|
||||||
- name: POD_NAMESPACE
|
- name: POD_NAMESPACE
|
||||||
valueFrom:
|
valueFrom:
|
||||||
|
@ -1040,6 +1050,11 @@ spec:
|
||||||
failureThreshold: 3
|
failureThreshold: 3
|
||||||
securityContext:
|
securityContext:
|
||||||
allowPrivilegeEscalation: false
|
allowPrivilegeEscalation: false
|
||||||
|
capabilities:
|
||||||
|
drop: ['ALL']
|
||||||
|
runAsNonRoot: true
|
||||||
|
seccompProfile:
|
||||||
|
type: RuntimeDefault
|
||||||
env:
|
env:
|
||||||
- name: POD_NAMESPACE
|
- name: POD_NAMESPACE
|
||||||
valueFrom:
|
valueFrom:
|
||||||
|
|
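Review bot: `runAsNonRoot: true` is added in all three hunks (at 870, 944 and 1040) without a `runAsUser`, so the kubelet can only verify it when each cert-manager image declares a numeric non-root user. An image with a named user or no USER at all would be refused at container start. The images are not visible on this page, so either confirm this for each of the three containers or pin the UID explicitly with `runAsUser: <non-root uid>`. The added settings otherwise line up with what the restricted Pod Security Standard asks for, but the root filesystem stays writable; if the containers only write to mounted volumes, `readOnlyRootFilesystem: true` would fit in the same block. Each container spec continues outside the hunks, so a pod-level securityContext that already sets a UID cannot be ruled out from here.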