Skip to content

Commit

Permalink
Add securitycontext for k8s 1.25
Browse files Browse the repository at this point in the history
For k8s 1.25, a securityContext definition is needed for a pod.
Add proper security context to pipelineloop controler and webhook

Signed-off-by: Yihong Wang <[email protected]>
  • Loading branch information
yhwang committed Jan 26, 2023
1 parent b3579dd commit 90ba362
Show file tree
Hide file tree
Showing 2 changed files with 20 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -54,3 +54,13 @@ spec:
value: config-observability
- name: METRICS_DOMAIN
value: tekton.dev/pipeline
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
seccompProfile:
type: RuntimeDefault
Original file line number Diff line number Diff line change
Expand Up @@ -64,6 +64,16 @@ spec:
containerPort: 8008
- name: https-webhook
containerPort: 8443
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
seccompProfile:
type: RuntimeDefault
---
apiVersion: v1
kind: Service
Expand Down

0 comments on commit 90ba362

Please sign in to comment.