fix: Update controller deployment that supports Pod Security Admission (#168)

rashedkvm · web-flow · commit 462d90416d45 · 2023-09-11T17:24:59.000-04:00
Signed-off-by: Rashed Kamal &lt;krashed@vmware.com&gt;
diff --git a/.ko.yaml b/.ko.yaml
@@ -1 +1 @@
-defaultBaseImage: paketobuildpacks/run-jammy-tiny@sha256:d133c8551fbd5f2a4a3be5e5dab0e16e2f2c03af9fd1843b8f036976ef46f8ce
+defaultBaseImage: paketobuildpacks/run-jammy-tiny@sha256:2879c44347b5aba185d5a8306db4e87eb437edfedf085a3b442f5ad79cdc6a6a
diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml
@@ -36,6 +36,12 @@ spec:
         name: manager
         securityContext:
           allowPrivilegeEscalation: false
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
+          capabilities:
+            drop:
+            - ALL 
         livenessProbe:
           httpGet:
             path: /healthz
diff --git a/dist/source-controller.yaml b/dist/source-controller.yaml
@@ -683,6 +683,12 @@ spec:
             memory: 20Mi
         securityContext:
           allowPrivilegeEscalation: false
+          capabilities:
+            drop:
+            - ALL
+          runAsNonRoot: true
+          seccompProfile:
+            type: RuntimeDefault
         volumeMounts:
         - mountPath: /tmp/k8s-webhook-server/serving-certs
           name: cert

Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-defaultBaseImage: paketobuildpacks/run-jammy-tiny@sha256:d133c8551fbd5f2a4a3be5e5dab0e16e2f2c03af9fd1843b8f036976ef46f8ce`
	`1`	`+defaultBaseImage: paketobuildpacks/run-jammy-tiny@sha256:2879c44347b5aba185d5a8306db4e87eb437edfedf085a3b442f5ad79cdc6a6a`