Skip to content

Commit 0535aa0

Browse files
pauldotyudavidgamero
pauldotyu
and
davidgamero
authored
resolves #632 (#634)
Co-authored-by: David Gamero <[email protected]>
1 parent 6d5a4fb commit 0535aa0

File tree

8 files changed

+24
-40
lines changed

8 files changed

+24
-40
lines changed

pkg/fixtures/deployments/helm/charts/values.yaml

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -93,20 +93,18 @@ securityContext:
9393
drop:
9494
- ALL
9595
add:
96-
- SETPCAP
97-
- MKNOD
9896
- AUDIT_WRITE
9997
- CHOWN
10098
- DAC_OVERRIDE
10199
- FOWNER
102100
- FSETID
103101
- KILL
102+
- MKNOD
103+
- NET_BIND_SERVICE
104+
- SETPCAP
104105
- SETGID
105106
- SETUID
106-
- NET_BIND_SERVICE
107107
- SYS_CHROOT
108-
- SETFCAP
109-
- SYS_PTRACE
110108

111109
envVars:
112110

pkg/fixtures/deployments/kustomize/base/deployment-override-workload-identity.yaml

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -63,20 +63,18 @@ spec:
6363
drop:
6464
- ALL
6565
add:
66-
- SETPCAP
67-
- MKNOD
6866
- AUDIT_WRITE
6967
- CHOWN
7068
- DAC_OVERRIDE
7169
- FOWNER
7270
- FSETID
7371
- KILL
72+
- MKNOD
73+
- NET_BIND_SERVICE
74+
- SETPCAP
7475
- SETGID
7576
- SETUID
76-
- NET_BIND_SERVICE
7777
- SYS_CHROOT
78-
- SETFCAP
79-
- SYS_PTRACE
8078
affinity:
8179
podAntiAffinity:
8280
preferredDuringSchedulingIgnoredDuringExecution:

pkg/fixtures/deployments/kustomize/base/deployment.yaml

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -61,20 +61,18 @@ spec:
6161
drop:
6262
- ALL
6363
add:
64-
- SETPCAP
65-
- MKNOD
6664
- AUDIT_WRITE
6765
- CHOWN
6866
- DAC_OVERRIDE
6967
- FOWNER
7068
- FSETID
7169
- KILL
70+
- MKNOD
71+
- NET_BIND_SERVICE
72+
- SETPCAP
7273
- SETGID
7374
- SETUID
74-
- NET_BIND_SERVICE
7575
- SYS_CHROOT
76-
- SETFCAP
77-
- SYS_PTRACE
7876
affinity:
7977
podAntiAffinity:
8078
preferredDuringSchedulingIgnoredDuringExecution:

pkg/fixtures/deployments/manifest/manifests/deployment-override-workload-identity.yaml

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -63,20 +63,18 @@ spec:
6363
drop:
6464
- ALL
6565
add:
66-
- SETPCAP
67-
- MKNOD
6866
- AUDIT_WRITE
6967
- CHOWN
7068
- DAC_OVERRIDE
7169
- FOWNER
7270
- FSETID
7371
- KILL
72+
- MKNOD
73+
- NET_BIND_SERVICE
74+
- SETPCAP
7475
- SETGID
7576
- SETUID
76-
- NET_BIND_SERVICE
7777
- SYS_CHROOT
78-
- SETFCAP
79-
- SYS_PTRACE
8078
affinity:
8179
podAntiAffinity:
8280
preferredDuringSchedulingIgnoredDuringExecution:

pkg/fixtures/deployments/manifest/manifests/deployment.yaml

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -61,20 +61,18 @@ spec:
6161
drop:
6262
- ALL
6363
add:
64-
- SETPCAP
65-
- MKNOD
6664
- AUDIT_WRITE
6765
- CHOWN
6866
- DAC_OVERRIDE
6967
- FOWNER
7068
- FSETID
7169
- KILL
70+
- MKNOD
71+
- NET_BIND_SERVICE
72+
- SETPCAP
7273
- SETGID
7374
- SETUID
74-
- NET_BIND_SERVICE
7575
- SYS_CHROOT
76-
- SETFCAP
77-
- SYS_PTRACE
7876
affinity:
7977
podAntiAffinity:
8078
preferredDuringSchedulingIgnoredDuringExecution:

template/deployments/helm/charts/values.yaml

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -115,20 +115,18 @@ securityContext:
115115
drop:
116116
- ALL
117117
add:
118-
- SETPCAP
119-
- MKNOD
120118
- AUDIT_WRITE
121119
- CHOWN
122120
- DAC_OVERRIDE
123121
- FOWNER
124122
- FSETID
125123
- KILL
124+
- MKNOD
125+
- NET_BIND_SERVICE
126+
- SETPCAP
126127
- SETGID
127128
- SETUID
128-
- NET_BIND_SERVICE
129129
- SYS_CHROOT
130-
- SETFCAP
131-
- SYS_PTRACE
132130

133131
envVars:
134132
{{- range $key, $value := .Config.GetVariableValue "ENVVARS" }}

template/deployments/kustomize/base/deployment.yaml

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -85,20 +85,18 @@ spec:
8585
drop:
8686
- ALL
8787
add:
88-
- SETPCAP
89-
- MKNOD
9088
- AUDIT_WRITE
9189
- CHOWN
9290
- DAC_OVERRIDE
9391
- FOWNER
9492
- FSETID
9593
- KILL
94+
- MKNOD
95+
- NET_BIND_SERVICE
96+
- SETPCAP
9697
- SETGID
9798
- SETUID
98-
- NET_BIND_SERVICE
9999
- SYS_CHROOT
100-
- SETFCAP
101-
- SYS_PTRACE
102100
affinity:
103101
podAntiAffinity:
104102
preferredDuringSchedulingIgnoredDuringExecution:

template/deployments/manifests/manifests/deployment.yaml

Lines changed: 3 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -85,20 +85,18 @@ spec:
8585
drop:
8686
- ALL
8787
add:
88-
- SETPCAP
89-
- MKNOD
9088
- AUDIT_WRITE
9189
- CHOWN
9290
- DAC_OVERRIDE
9391
- FOWNER
9492
- FSETID
9593
- KILL
94+
- MKNOD
95+
- NET_BIND_SERVICE
96+
- SETPCAP
9697
- SETGID
9798
- SETUID
98-
- NET_BIND_SERVICE
9999
- SYS_CHROOT
100-
- SETFCAP
101-
- SYS_PTRACE
102100
affinity:
103101
podAntiAffinity:
104102
preferredDuringSchedulingIgnoredDuringExecution:

0 commit comments

Comments
 (0)