set securityContext in podSpec

Signed-off-by: zhzhuang-zju <m17799853869@163.com>
zhzhuang-zju · Jan 10, 2025 · 3a94c5d · 3a94c5d
1 parent 253dc79
commit 3a94c5d
Show file tree

Hide file tree

Showing 10 changed files with 30 additions and 1 deletion.
diff --git a/artifacts/deploy/karmada-apiserver.yaml b/artifacts/deploy/karmada-apiserver.yaml
@@ -121,7 +121,9 @@ spec:
       priorityClassName: system-node-critical
       restartPolicy: Always
       schedulerName: default-scheduler
-      securityContext: {}
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
       terminationGracePeriodSeconds: 30
       tolerations:
         - effect: NoExecute

diff --git a/artifacts/deploy/karmada-controller-manager.yaml b/artifacts/deploy/karmada-controller-manager.yaml
@@ -53,3 +53,6 @@ spec:
         - name: karmada-config
           secret:
             secretName: karmada-controller-manager-config
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
diff --git a/artifacts/deploy/karmada-descheduler.yaml b/artifacts/deploy/karmada-descheduler.yaml
@@ -58,3 +58,6 @@ spec:
         - name: scheduler-estimator-client-cert
           secret:
             secretName: karmada-descheduler-scheduler-estimator-client-cert
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
diff --git a/artifacts/deploy/karmada-etcd.yaml b/artifacts/deploy/karmada-etcd.yaml
@@ -88,6 +88,9 @@ spec:
               mountPath: /etc/karmada/pki/server
             - name: etcd-client-cert
               mountPath: /etc/karmada/pki/etcd-client
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
       volumes:
         - name: etcd-data
           hostPath:

diff --git a/artifacts/deploy/karmada-metrics-adapter.yaml b/artifacts/deploy/karmada-metrics-adapter.yaml
@@ -71,6 +71,9 @@ spec:
         - name: server-cert
           secret:
             secretName: karmada-metrics-adapter-cert
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
 ---
 apiVersion: v1
 kind: Service

diff --git a/artifacts/deploy/karmada-scheduler-estimator.yaml b/artifacts/deploy/karmada-scheduler-estimator.yaml
@@ -59,6 +59,9 @@ spec:
         - name: member-kubeconfig
           secret:
             secretName: {{member_cluster_name}}-kubeconfig
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
 ---
 apiVersion: v1
 kind: Service

diff --git a/artifacts/deploy/karmada-scheduler.yaml b/artifacts/deploy/karmada-scheduler.yaml
@@ -59,3 +59,6 @@ spec:
         - name: scheduler-estimator-client-cert
           secret:
             secretName: karmada-scheduler-scheduler-estimator-client-cert
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
diff --git a/artifacts/deploy/karmada-search.yaml b/artifacts/deploy/karmada-search.yaml
@@ -70,6 +70,9 @@ spec:
         - name: etcd-client-cert
           secret:
             secretName: karmada-search-etcd-client-cert
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
 ---
 apiVersion: v1
 kind: Service

diff --git a/artifacts/deploy/karmada-webhook.yaml b/artifacts/deploy/karmada-webhook.yaml
@@ -56,6 +56,9 @@ spec:
         - name: server-cert
           secret:
             secretName: karmada-webhook-cert
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault
 ---
 apiVersion: v1
 kind: Service

diff --git a/artifacts/deploy/kube-controller-manager.yaml b/artifacts/deploy/kube-controller-manager.yaml
@@ -91,3 +91,6 @@ spec:
         - name: service-account-key-pair
           secret:
             secretName: kube-controller-manager-service-account-key-pair
+      securityContext:
+        seccompProfile:
+          type: RuntimeDefault