Added the securityContext and resources into the operator deployment (#…

…1868)
knative · Oct 3, 2024 · d8d2f37 · d8d2f37
1 parent 63fc7e4
commit d8d2f37
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 1 deletion.
diff --git a/config/manager/operator.yaml b/config/manager/operator.yaml
@@ -37,6 +37,13 @@ spec:
       containers:
         - name: knative-operator
           image: ko://knative.dev/operator/cmd/operator
+          resources:
+            requests:
+              cpu: 100m
+              memory: 100Mi
+            limits:
+              cpu: 1000m
+              memory: 1000Mi
           imagePullPolicy: IfNotPresent
           env:
             - name: POD_NAME
@@ -55,6 +62,13 @@ spec:
               value: config-observability
             - name: KUBERNETES_MIN_VERSION
               value: ""
+          securityContext:
+            allowPrivilegeEscalation: false
+            readOnlyRootFilesystem: true
+            runAsNonRoot: true
+            capabilities:
+              drop:
+                - ALL
           ports:
             - name: metrics
               containerPort: 9090
diff --git a/config/webhook/webhook.yaml b/config/webhook/webhook.yaml
@@ -92,7 +92,7 @@ spec:
           runAsNonRoot: true
           capabilities:
             drop:
-            - all
+              - ALL
 
         ports:
         - name: metrics