refactor(helm): add default seccompProfile

Signed-off-by: Zemtsov Vladimir <[email protected]>
projectcapsule · Feb 10, 2023 · 60d4f62 · 60d4f62
1 parent 81709b4
commit 60d4f62
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 1 deletion.
diff --git a/charts/capsule/README.md b/charts/capsule/README.md
@@ -72,7 +72,7 @@ Here the values you can override:
 | mutatingWebhooksTimeoutSeconds | int | `30` | Timeout in seconds for mutating webhooks |
 | nodeSelector | object | `{}` | Set the node selector for the Capsule pod |
 | podAnnotations | object | `{}` | Annotations to add to the capsule pod. |
-| podSecurityContext | object | `{"runAsGroup":1002,"runAsNonRoot":true,"runAsUser":1002}` | Set the securityContext for the Capsule pod |
+| podSecurityContext | object | `{"runAsGroup":1002,"runAsNonRoot":true,"runAsUser":1002,"seccompProfile":{"type":"RuntimeDefault"}}` | Set the securityContext for the Capsule pod |
 | podSecurityPolicy.enabled | bool | `false` | Specify if a Pod Security Policy must be created |
 | priorityClassName | string | `""` | Set the priority class name of the Capsule pod |
 | replicaCount | int | `1` | Set the replica count for capsule pod |

diff --git a/charts/capsule/values.yaml b/charts/capsule/values.yaml
@@ -79,6 +79,8 @@ priorityClassName: '' # system-cluster-critical
 
 # -- Set the securityContext for the Capsule pod
 podSecurityContext:
+  seccompProfile:
+    type: "RuntimeDefault"
   runAsGroup: 1002
   runAsNonRoot: true
   runAsUser: 1002