From 9e059541ef9fb3e23bb614f697a9e5949df139e6 Mon Sep 17 00:00:00 2001 From: Craig Newton Date: Tue, 5 Mar 2024 15:50:14 +0100 Subject: [PATCH] chore: fix PodSecurity warning Signed-off-by: Craig Newton --- manifests/base/argo-rollouts-deployment.yaml | 8 ++++++++ manifests/install.yaml | 8 ++++++++ manifests/namespace-install.yaml | 8 ++++++++ 3 files changed, 24 insertions(+) diff --git a/manifests/base/argo-rollouts-deployment.yaml b/manifests/base/argo-rollouts-deployment.yaml index 57f4b516a0..046a1a0bba 100644 --- a/manifests/base/argo-rollouts-deployment.yaml +++ b/manifests/base/argo-rollouts-deployment.yaml @@ -44,6 +44,14 @@ spec: failureThreshold: 3 successThreshold: 1 timeoutSeconds: 4 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault securityContext: runAsNonRoot: true strategy: diff --git a/manifests/install.yaml b/manifests/install.yaml index 99f2e34a3b..444be4cf4a 100755 --- a/manifests/install.yaml +++ b/manifests/install.yaml @@ -16051,6 +16051,14 @@ spec: periodSeconds: 5 successThreshold: 1 timeoutSeconds: 4 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault securityContext: runAsNonRoot: true serviceAccountName: argo-rollouts diff --git a/manifests/namespace-install.yaml b/manifests/namespace-install.yaml index 08637705cb..0a7adf80ed 100644 --- a/manifests/namespace-install.yaml +++ b/manifests/namespace-install.yaml @@ -413,6 +413,14 @@ spec: periodSeconds: 5 successThreshold: 1 timeoutSeconds: 4 + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault securityContext: runAsNonRoot: true serviceAccountName: argo-rollouts