Skip to content

Commit

Permalink
Merge pull request #754 from kramaranya/scc_pinning
Browse files Browse the repository at this point in the history
SCC-pinning for openshift workloads
  • Loading branch information
zeeke authored Aug 9, 2024
2 parents 8b8f651 + 7c592c5 commit 2dec53f
Show file tree
Hide file tree
Showing 6 changed files with 11 additions and 0 deletions.
1 change: 1 addition & 0 deletions bindata/manifests/daemon/daemonset.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -23,6 +23,7 @@ spec:
openshift.io/component: network
annotations:
kubectl.kubernetes.io/default-container: sriov-network-config-daemon
openshift.io/required-scc: privileged
spec:
hostNetwork: true
hostPID: true
Expand Down
2 changes: 2 additions & 0 deletions bindata/manifests/operator-webhook/server.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@ spec:
metadata:
labels:
app: operator-webhook
annotations:
openshift.io/required-scc: restricted-v2
spec:
securityContext:
runAsNonRoot: true
Expand Down
2 changes: 2 additions & 0 deletions bindata/manifests/webhook/server.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,8 @@ spec:
component: network
type: infra
openshift.io/component: network
annotations:
openshift.io/required-scc: restricted-v2
spec:
securityContext:
runAsNonRoot: true
Expand Down
2 changes: 2 additions & 0 deletions config/manager/manager.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,8 @@ spec:
metadata:
labels:
control-plane: controller-manager
annotations:
openshift.io/required-scc: restricted-v2
spec:
securityContext:
runAsNonRoot: true
Expand Down
2 changes: 2 additions & 0 deletions deploy/operator.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@ spec:
metadata:
labels:
name: sriov-network-operator
annotations:
openshift.io/required-scc: restricted-v2
spec:
affinity:
nodeAffinity:
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,8 @@ spec:
maxUnavailable: 33%
template:
metadata:
annotations:
openshift.io/required-scc: restricted-v2
labels:
name: sriov-network-operator
spec:
Expand Down

0 comments on commit 2dec53f

Please sign in to comment.