File tree Expand file tree Collapse file tree 16 files changed +120
-64
lines changed
pkg/plugins/common/kustomize
v1/scaffolds/internal/templates/config
v2/scaffolds/internal/templates/config
project-v3-multigroup/config
project-v3-v1beta1/config
project-v3-with-kustomize-v2/config Expand file tree Collapse file tree 16 files changed +120
-64
lines changed Original file line number Diff line number Diff line change 5757 - name: kube-rbac-proxy
5858 securityContext:
5959 allowPrivilegeEscalation: false
60- capabilities:
61- drop:
62- - ALL
60+ # TODO(user): uncomment for common cases that do not require escalating privileges
61+ # capabilities:
62+ # drop:
63+ # - "ALL"
6364 image: gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0
6465 args:
6566 - "--secure-listen-address=0.0.0.0:8443"
Original file line number Diff line number Diff line change 7272 spec:
7373 securityContext:
7474 runAsNonRoot: true
75- seccompProfile:
76- type: RuntimeDefault
75+ # TODO(user): For common cases that do not require escalating privileges
76+ # it is recommended to ensure that all your Pods/Containers are restrictive.
77+ # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
78+ # Please uncomment the following code if your project does NOT have to work on old Kubernetes
79+ # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
80+ # seccompProfile:
81+ # type: RuntimeDefault
7782 containers:
7883 - command:
7984 - /manager
8590 name: manager
8691 securityContext:
8792 allowPrivilegeEscalation: false
88- capabilities:
89- drop:
90- - ALL
93+ # TODO(user): uncomment for common cases that do not require escalating privileges
94+ # capabilities:
95+ # drop:
96+ # - "ALL"
9197 livenessProbe:
9298 httpGet:
9399 path: /healthz
Original file line number Diff line number Diff line change 5757 - name: kube-rbac-proxy
5858 securityContext:
5959 allowPrivilegeEscalation: false
60- capabilities:
61- drop:
62- - ALL
60+ # TODO(user): uncomment for common cases that do not require escalating privileges
61+ # capabilities:
62+ # drop:
63+ # - "ALL"
6364 image: gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0
6465 args:
6566 - "--secure-listen-address=0.0.0.0:8443"
Original file line number Diff line number Diff line change 7272 spec:
7373 securityContext:
7474 runAsNonRoot: true
75- seccompProfile:
76- type: RuntimeDefault
75+ # TODO(user): For common cases that do not require escalating privileges
76+ # it is recommended to ensure that all your Pods/Containers are restrictive.
77+ # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
78+ # Please uncomment the following code if your project does NOT have to work on old Kubernetes
79+ # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
80+ # seccompProfile:
81+ # type: RuntimeDefault
7782 containers:
7883 - command:
7984 - /manager
8590 name: manager
8691 securityContext:
8792 allowPrivilegeEscalation: false
88- capabilities:
89- drop:
90- - ALL
93+ # TODO(user): uncomment for common cases that do not require escalating privileges
94+ # capabilities:
95+ # drop:
96+ # - "ALL"
9197 livenessProbe:
9298 httpGet:
9399 path: /healthz
Original file line number Diff line number Diff line change 1212 - name : kube-rbac-proxy
1313 securityContext :
1414 allowPrivilegeEscalation : false
15- capabilities :
16- drop :
17- - ALL
15+ # TODO(user): uncomment for common cases that do not require escalating privileges
16+ # capabilities:
17+ # drop:
18+ # - "ALL"
1819 image : gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0
1920 args :
2021 - " --secure-listen-address=0.0.0.0:8443"
Original file line number Diff line number Diff line change 2626 spec :
2727 securityContext :
2828 runAsNonRoot : true
29- seccompProfile :
30- type : RuntimeDefault
29+ # TODO(user): For common cases that do not require escalating privileges
30+ # it is recommended to ensure that all your Pods/Containers are restrictive.
31+ # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
32+ # Please uncomment the following code if your project does NOT have to work on old Kubernetes
33+ # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
34+ # seccompProfile:
35+ # type: RuntimeDefault
3136 containers :
3237 - command :
3338 - /manager
3742 name : manager
3843 securityContext :
3944 allowPrivilegeEscalation : false
40- capabilities :
41- drop :
42- - ALL
45+ # TODO(user): uncomment for common cases that do not require escalating privileges
46+ # capabilities:
47+ # drop:
48+ # - "ALL"
4349 livenessProbe :
4450 httpGet :
4551 path : /healthz
Original file line number Diff line number Diff line change 1212 - name : kube-rbac-proxy
1313 securityContext :
1414 allowPrivilegeEscalation : false
15- capabilities :
16- drop :
17- - ALL
15+ # TODO(user): uncomment for common cases that do not require escalating privileges
16+ # capabilities:
17+ # drop:
18+ # - "ALL"
1819 image : gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0
1920 args :
2021 - " --secure-listen-address=0.0.0.0:8443"
Original file line number Diff line number Diff line change @@ -26,18 +26,24 @@ spec:
2626 spec :
2727 securityContext :
2828 runAsNonRoot : true
29- seccompProfile :
30- type : RuntimeDefault
29+ # TODO(user): For common cases that do not require escalating privileges
30+ # it is recommended to ensure that all your Pods/Containers are restrictive.
31+ # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
32+ # Please uncomment the following code if your project does NOT have to work on old Kubernetes
33+ # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
34+ # seccompProfile:
35+ # type: RuntimeDefault
3136 containers :
3237 - command :
3338 - /manager
3439 image : controller:latest
3540 name : manager
3641 securityContext :
3742 allowPrivilegeEscalation : false
38- capabilities :
39- drop :
40- - ALL
43+ # TODO(user): uncomment for common cases that do not require escalating privileges
44+ # capabilities:
45+ # drop:
46+ # - "ALL"
4147 livenessProbe :
4248 httpGet :
4349 path : /healthz
Original file line number Diff line number Diff line change 1212 - name : kube-rbac-proxy
1313 securityContext :
1414 allowPrivilegeEscalation : false
15- capabilities :
16- drop :
17- - ALL
15+ # TODO(user): uncomment for common cases that do not require escalating privileges
16+ # capabilities:
17+ # drop:
18+ # - "ALL"
1819 image : gcr.io/kubebuilder/kube-rbac-proxy:v0.11.0
1920 args :
2021 - " --secure-listen-address=0.0.0.0:8443"
Original file line number Diff line number Diff line change 2626 spec :
2727 securityContext :
2828 runAsNonRoot : true
29- seccompProfile :
30- type : RuntimeDefault
29+ # TODO(user): For common cases that do not require escalating privileges
30+ # it is recommended to ensure that all your Pods/Containers are restrictive.
31+ # More info: https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted
32+ # Please uncomment the following code if your project does NOT have to work on old Kubernetes
33+ # versions < 1.19 or on vendors versions which do NOT support this field by default (i.e. Openshift < 4.11 ).
34+ # seccompProfile:
35+ # type: RuntimeDefault
3136 containers :
3237 - command :
3338 - /manager
3742 name : manager
3843 securityContext :
3944 allowPrivilegeEscalation : false
40- capabilities :
41- drop :
42- - ALL
45+ # TODO(user): uncomment for common cases that do not require escalating privileges
46+ # capabilities:
47+ # drop:
48+ # - "ALL"
4349 livenessProbe :
4450 httpGet :
4551 path : /healthz
You can’t perform that action at this time.
0 commit comments