From c72c30a9c45d7724751528c6bb9fbc3d68eb7ea5 Mon Sep 17 00:00:00 2001 From: John Mazzitelli Date: Mon, 22 Aug 2022 18:07:59 -0400 Subject: [PATCH] add seccompProfile setting --- .../1.56.0/manifests/kiali.v1.56.0.clusterserviceversion.yaml | 2 ++ .../kiali-ossm/manifests/kiali.clusterserviceversion.yaml | 4 +++- .../1.56.0/manifests/kiali.v1.56.0.clusterserviceversion.yaml | 2 ++ .../default/kiali-deploy/templates/kubernetes/deployment.yaml | 2 ++ .../default/kiali-deploy/templates/openshift/deployment.yaml | 2 ++ 5 files changed, 11 insertions(+), 1 deletion(-) diff --git a/manifests/kiali-community/1.56.0/manifests/kiali.v1.56.0.clusterserviceversion.yaml b/manifests/kiali-community/1.56.0/manifests/kiali.v1.56.0.clusterserviceversion.yaml index 3999e85d..7540f454 100644 --- a/manifests/kiali-community/1.56.0/manifests/kiali.v1.56.0.clusterserviceversion.yaml +++ b/manifests/kiali-community/1.56.0/manifests/kiali.v1.56.0.clusterserviceversion.yaml @@ -207,6 +207,8 @@ spec: allowPrivilegeEscalation: false privileged: false runAsNonRoot: true + seccompProfile: + type: RuntimeDefault capabilities: drop: - ALL diff --git a/manifests/kiali-ossm/manifests/kiali.clusterserviceversion.yaml b/manifests/kiali-ossm/manifests/kiali.clusterserviceversion.yaml index ef9a3474..8e889111 100644 --- a/manifests/kiali-ossm/manifests/kiali.clusterserviceversion.yaml +++ b/manifests/kiali-ossm/manifests/kiali.clusterserviceversion.yaml @@ -241,6 +241,8 @@ spec: allowPrivilegeEscalation: false privileged: false runAsNonRoot: true + seccompProfile: + type: RuntimeDefault capabilities: drop: - ALL @@ -275,7 +277,7 @@ spec: - name: RELATED_IMAGE_kiali_default value: "registry-proxy.engineering.redhat.com/rh-osbs/openshift-service-mesh-kiali-rhel8${KIALI_1_48_TAG}" - name: RELATED_IMAGE_kiali_v1_48 - value: "registry-proxy.engineering.redhat.com/rh-osbs/openshift-service-mesh-kiali-rhel8${KIALI_1_48_TAG}" + value: "registry-proxy.engineering.redhat.com/rh-osbs/openshift-service-mesh-kiali-rhel8${KIALI_1_48_TAG}" - name: RELATED_IMAGE_kiali_v1_36 value: "registry-proxy.engineering.redhat.com/rh-osbs/openshift-service-mesh-kiali-rhel8${KIALI_1_36_TAG}" - name: RELATED_IMAGE_kiali_v1_24 diff --git a/manifests/kiali-upstream/1.56.0/manifests/kiali.v1.56.0.clusterserviceversion.yaml b/manifests/kiali-upstream/1.56.0/manifests/kiali.v1.56.0.clusterserviceversion.yaml index 662884eb..4bbd40ec 100644 --- a/manifests/kiali-upstream/1.56.0/manifests/kiali.v1.56.0.clusterserviceversion.yaml +++ b/manifests/kiali-upstream/1.56.0/manifests/kiali.v1.56.0.clusterserviceversion.yaml @@ -207,6 +207,8 @@ spec: allowPrivilegeEscalation: false privileged: false runAsNonRoot: true + seccompProfile: + type: RuntimeDefault capabilities: drop: - ALL diff --git a/roles/default/kiali-deploy/templates/kubernetes/deployment.yaml b/roles/default/kiali-deploy/templates/kubernetes/deployment.yaml index 40b527cf..62bdd509 100644 --- a/roles/default/kiali-deploy/templates/kubernetes/deployment.yaml +++ b/roles/default/kiali-deploy/templates/kubernetes/deployment.yaml @@ -60,6 +60,8 @@ spec: privileged: false readOnlyRootFilesystem: true runAsNonRoot: true + seccompProfile: + type: RuntimeDefault capabilities: drop: - ALL diff --git a/roles/default/kiali-deploy/templates/openshift/deployment.yaml b/roles/default/kiali-deploy/templates/openshift/deployment.yaml index 05aa5e3c..110dda10 100644 --- a/roles/default/kiali-deploy/templates/openshift/deployment.yaml +++ b/roles/default/kiali-deploy/templates/openshift/deployment.yaml @@ -60,6 +60,8 @@ spec: privileged: false readOnlyRootFilesystem: true runAsNonRoot: true + seccompProfile: + type: RuntimeDefault capabilities: drop: - ALL