From b08574487df57e7ed16a16aef3e7b19c5eb33b6c Mon Sep 17 00:00:00 2001
From: John Mazzitelli
Date: Thu, 25 Aug 2022 08:46:18 -0400
Subject: [PATCH] security context - drop all capabilities (#160)
* security context - drop all capabilities part of https://github.com/kiali/kiali/issues/5399
* add seccompProfile
---
 kiali-operator/templates/deployment.yaml | 5 +++++
 kiali-server/templates/deployment.yaml | 5 +++++
 2 files changed, 10 insertions(+)
diff --git a/kiali-operator/templates/deployment.yaml b/kiali-operator/templates/deployment.yaml
index 8999ecc..f4ece36 100644
--- a/kiali-operator/templates/deployment.yaml
+++ b/kiali-operator/templates/deployment.yaml
@@ -48,6 +48,11 @@ spec:
 allowPrivilegeEscalation: false
 privileged: false
 runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ capabilities:
+ drop:
+ - ALL
 volumeMounts:
 - mountPath: /tmp/ansible-operator/runner
 name: runner
diff --git a/kiali-server/templates/deployment.yaml b/kiali-server/templates/deployment.yaml
index 58c1c25..2083e94 100644
--- a/kiali-server/templates/deployment.yaml
+++ b/kiali-server/templates/deployment.yaml
@@ -65,6 +65,11 @@ spec:
 privileged: false
 readOnlyRootFilesystem: true
 runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
+ capabilities:
+ drop:
+ - ALL
 ports:
 - name: api-port
 containerPort: {{ .Values.server.port | default 20001 }}
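Review bot: The new `seccompProfile` block in the operator container's securityContext is emitted unconditionally, and the same five lines are added unguarded in kiali-server/templates/deployment.yaml. The container-level `seccompProfile` field exists only from Kubernetes 1.19, and some admission policies (older OpenShift restricted SCCs, for example; worth confirming against the platforms this chart supports) reject pods that set seccomp explicitly, so an install that worked before this commit may now be rejected at admission. Consider wrapping the two `seccompProfile` lines in `{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.Version }}` … `{{- end }}`, or putting them behind a chart value. The securityContext mapping starts above the hunk, so only its tail is visible here.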
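Review bot: In the server container's securityContext, `seccompProfile` and `capabilities` are appended after `runAsNonRoot`, while the visible existing keys (`privileged`, `readOnlyRootFilesystem`, `runAsNonRoot`) are in alphabetical order. Moving `capabilities:` ahead of `privileged` would keep the block sorted and easier to compare with the operator deployment, which gets the same addition. A short comment above the drop list, such as `# the server needs no Linux capabilities; add any exception explicitly under capabilities.add`, would record the intent for whoever later adds a feature that needs one. The mapping starts above the hunk, so any keys before `privileged` are not visible here.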