mirror of
https://github.com/kubernetes-sigs/node-feature-discovery.git
synced 2025-03-30 19:54:46 +00:00
Merge pull request #995 from fmuyassarov/seccomp-profile-nfd-worker
E2E: default seccompProfile to runtimeDefault for nfd worker
This commit is contained in:
Kubernetes Prow Robot
GitHub
commit
323fd5c6ec
1 changed files with 6 additions and 0 deletions
|
|
@ -271,6 +271,9 @@ func nfdWorkerSpec(opts ...SpecOption) *corev1.PodSpec {
|
||||||
RunAsNonRoot: &yes,
|
RunAsNonRoot: &yes,
|
||||||
ReadOnlyRootFilesystem: &yes,
|
ReadOnlyRootFilesystem: &yes,
|
||||||
AllowPrivilegeEscalation: &no,
|
AllowPrivilegeEscalation: &no,
|
||||||
|
SeccompProfile: &corev1.SeccompProfile{
|
||||||
|
Type: corev1.SeccompProfileTypeRuntimeDefault,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
VolumeMounts: []corev1.VolumeMount{
|
VolumeMounts: []corev1.VolumeMount{
|
||||||
{
|
{
|
||||||
|
|
@ -387,6 +390,9 @@ func NFDTopologyUpdaterSpec(kc utils.KubeletConfig, opts ...SpecOption) *corev1.
|
||||||
RunAsUser: pointer.Int64(0),
|
RunAsUser: pointer.Int64(0),
|
||||||
ReadOnlyRootFilesystem: pointer.Bool(true),
|
ReadOnlyRootFilesystem: pointer.Bool(true),
|
||||||
AllowPrivilegeEscalation: pointer.Bool(false),
|
AllowPrivilegeEscalation: pointer.Bool(false),
|
||||||
|
SeccompProfile: &corev1.SeccompProfile{
|
||||||
|
Type: corev1.SeccompProfileTypeRuntimeDefault,
|
||||||
|
},
|
||||||
},
|
},
|
||||||
VolumeMounts: []corev1.VolumeMount{
|
VolumeMounts: []corev1.VolumeMount{
|
||||||
{
|
{
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue