From def1fdaf031b96763568f91f416b49229fb355d0 Mon Sep 17 00:00:00 2001 From: Joe Bowbeer Date: Thu, 1 Sep 2022 09:50:44 -0700 Subject: [PATCH] feat: add seccompProfile Signed-off-by: Joe Bowbeer --- CHANGELOG.md | 2 +- config/manager/manager.yaml | 2 ++ config/metrics-server/deployment.yaml | 4 +++- 3 files changed, 6 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 114108ab41c..922094cd028 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -44,7 +44,7 @@ To learn more about active deprecations, we recommend checking [GitHub Discussio ### Improvements -- TODO ([#XXX](https://github.com/kedacore/keda/issue/XXX)) +- **General:** Add explicit seccompProfile type to securityContext config ([#3561](https://github.com/kedacore/keda/issues/3561)) ### Fixes diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index f302c668c49..12e57b1d47a 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -68,6 +68,8 @@ spec: - ALL allowPrivilegeEscalation: false readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault terminationGracePeriodSeconds: 10 nodeSelector: kubernetes.io/os: linux diff --git a/config/metrics-server/deployment.yaml b/config/metrics-server/deployment.yaml index f9b382b3e23..f18fcccd3cf 100644 --- a/config/metrics-server/deployment.yaml +++ b/config/metrics-server/deployment.yaml @@ -70,8 +70,10 @@ spec: drop: - ALL allowPrivilegeEscalation: false - ## Metrics server needs to write the self-signed cert so it's not possible set this + ## Metrics server needs to write the self-signed cert. See FAQ for discussion of options. # readOnlyRootFilesystem: true + seccompProfile: + type: RuntimeDefault nodeSelector: kubernetes.io/os: linux volumes: