add required values for pss policies
bdehri committed Jul 10, 2023
1 parent 8a7b9dc commit 73410cb
Showing 3 changed files with 29 additions and 0 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Expand Up @@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

## [Unreleased]

### Fixed

- Add required values for pss policies.

## [1.9.1] - 2023-06-28

### Added
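Review bot: the new entry under `### Fixed` says only "Add required values for pss policies" and does not name what changed. Suggest listing the settings the chart now sets, `runAsNonRoot: true` on the pod and `allowPrivilegeEscalation: false` plus `capabilities.drop: [ALL]` on the container, and spelling out PSS (Pod Security Standards) once, so that someone reading the release notes can tell whether their own overrides are affected.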
20 changes: 20 additions & 0 deletions helm/aws-pod-identity-webhook/values.schema.json
Expand Up @@ -60,6 +60,10 @@
"type": "string"
}
}
},
"runAsNonRoot": {
"type": "boolean",
"default": true
}
}
},
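Review bot: `runAsNonRoot` is declared with `"default": true`, but a JSON Schema `default` is an annotation and is not enforced during validation, so `runAsNonRoot: false` in a user's values still passes. If the chart is meant to always satisfy the restricted policy, consider `"const": true` here; if overrides are intended, a `description` stating the PSS requirement would make that explicit. Nothing in the visible lines adds the key to a `required` list either, so the schema as shown does not make the value required in the sense the commit title suggests.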
Expand Down Expand Up @@ -120,6 +124,22 @@
"type": "string"
}
}
},
"allowPrivilegeEscalation": {
"type": "boolean",
"default": false
},
"capabilities":{
"type": "object",
"properties": {
"drop": {
"type": "array",
"items": {
"type": "string"
},
"default": ["ALL"]
}
}
}
}
},
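Review bot: in the `capabilities` block, `drop.items` accepts any string, so a list that omits `ALL`, or misspells it, passes schema validation even though the restricted Pod Security profile expects `ALL` to be dropped. Consider a `contains` constraint with `"const": "ALL"` on `drop`, or at least a `description` saying so. The same applies to `allowPrivilegeEscalation`, where `true` is still accepted. Style: `"capabilities":{` is missing the space after the colon that the neighbouring keys use.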
5 changes: 5 additions & 0 deletions helm/aws-pod-identity-webhook/values.yaml
Expand Up @@ -50,6 +50,7 @@ restarter:

# Add seccomp to pod security context
podSecurityContext:
runAsNonRoot: true
runAsUser: 1000
seccompProfile:
type: RuntimeDefault
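Review bot: the comment above `podSecurityContext:` still reads `# Add seccomp to pod security context`, but the block now also sets `runAsNonRoot: true`. Update the comment to cover both settings; it is also worth stating there that `runAsNonRoot` relies on the existing `runAsUser: 1000` staying non-zero, so a later override of the UID does not silently conflict with it.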
Expand All @@ -58,3 +59,7 @@ podSecurityContext:
securityContext:
seccompProfile:
type: RuntimeDefault
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
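Review bot: the commit touches only `values.yaml`, the schema and the changelog, so `allowPrivilegeEscalation` and `capabilities.drop` under `securityContext:` take effect only if the templates already render the whole `securityContext` map rather than selected keys such as `seccompProfile`. Please confirm with `helm template` output, and check that every container the chart creates, including whatever the `restarter:` section deploys, receives these settings, since one non-compliant container is enough for a namespace enforcing the restricted profile to reject the pod. This block also has no explanatory comment, unlike `podSecurityContext:`.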
