1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/node-feature-discovery.git synced 2024-12-15 17:50:49 +00:00
node-feature-discovery/deployment/components/common/securitycontext.yaml
Markus Lehtonen 8117c099a3 deployment: add kustomize base
Implement functionality virtually replicating deployment templates for
nfd-master and nfd-worker daemonset (nfd-master.yaml.template and
nfd-worker-daemonset.yaml.template) by adding a kustomize overlay named
"default".

We split the resources into multiple bases (rbac, master and
worker-daemonset) so that relevant parts are re-usable in
other deployment scenarios added later (e.g. "one-shot job", and
"combined daemonset").

This patch adds one component (components/common) doing the required
kustomization for the example deployment.
2021-08-18 14:05:57 +03:00

8 lines
208 B
YAML

- op: add
path: "/spec/template/spec/containers/0/securityContext"
value:
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
readOnlyRootFilesystem: true
runAsNonRoot: true