diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
index 72bfa0df..58e6088a 100644
--- a/config/manager/manager.yaml
+++ b/config/manager/manager.yaml
@@ -49,6 +49,13 @@ spec:
 image: controller:latest
 imagePullPolicy: IfNotPresent
 name: initialization
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - "ALL"
 containers:
 - command:
 - /manager
diff --git a/manifest/deployment-agentless.yaml b/manifest/deployment-agentless.yaml
index 8c486e0b..58ed7753 100644
--- a/manifest/deployment-agentless.yaml
+++ b/manifest/deployment-agentless.yaml
@@ -87,6 +87,13 @@ spec:
 value: "true"
 image: docker.io/projectsveltos/addon-controller:main
 name: initialization
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
 securityContext:
 runAsNonRoot: true
 serviceAccountName: addon-controller
diff --git a/manifest/deployment-shard.yaml b/manifest/deployment-shard.yaml
index ed99770c..80bdb3f8 100644
--- a/manifest/deployment-shard.yaml
+++ b/manifest/deployment-shard.yaml
@@ -87,6 +87,13 @@ spec:
 value: "true"
 image: docker.io/projectsveltos/addon-controller:main
 name: initialization
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
 securityContext:
 runAsNonRoot: true
 serviceAccountName: addon-controller
diff --git a/manifest/manifest.yaml b/manifest/manifest.yaml
index b2ba5953..96deccfe 100644
--- a/manifest/manifest.yaml
+++ b/manifest/manifest.yaml
@@ -8178,6 +8178,13 @@ spec:
 value: "true"
 image: docker.io/projectsveltos/addon-controller:main
 name: initialization
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
+ seccompProfile:
+ type: RuntimeDefault
 securityContext:
 runAsNonRoot: true
 serviceAccountName: addon-controller
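Review bot: The container-level `securityContext` added to the `initialization` init container in config/manager/manager.yaml leaves the root filesystem writable, because `readOnlyRootFilesystem` is not set alongside `allowPrivilegeEscalation: false`, the `ALL` capability drop and the `RuntimeDefault` seccomp profile. If the init step writes only to mounted volumes (its command is not visible in this hunk, so this needs confirming), add `readOnlyRootFilesystem: true` under the same `securityContext`. The three manifest/ hunks look like rendered output of this file, with the same fields in serializer key order, so they would need regenerating rather than hand-editing. The pod spec continues outside the hunk, so a pod-level `runAsNonRoot: true` is visible only in the manifest/ hunks and cannot be confirmed here for config/manager/manager.yaml.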