From 4504a527c63b00dd4793c89adcafc99df8375178 Mon Sep 17 00:00:00 2001
From: "Wang, Mike"
Date: Thu, 7 Sep 2023 21:34:00 +0800
Subject: [PATCH] feat: add kraan securitycontext
---
 chart/templates/kraan/deployment.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/chart/templates/kraan/deployment.yaml b/chart/templates/kraan/deployment.yaml
index 044ed76b..c54e81c1 100644
--- a/chart/templates/kraan/deployment.yaml
+++ b/chart/templates/kraan/deployment.yaml
@@ -43,6 +43,10 @@ spec:
 allowPrivilegeEscalation: false
 runAsNonRoot: {{ .Values.kraan.kraanController.runAsNonRoot }}
 readOnlyRootFilesystem: {{ .Values.kraan.kraanController.readOnly }}
+ capabilities:
+ drop: [ "ALL" ]
+ seccompProfile:
+ type: RuntimeDefault
 volumeMounts:
 - mountPath: /controller/data
 name: data
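Review bot: `seccompProfile.type: RuntimeDefault` is emitted unconditionally in the container `securityContext`, but that field only exists in the Kubernetes API from 1.19 on, so if this chart still targets older clusters the Deployment may fail validation at install time. If older clusters are in scope, wrap the two `seccompProfile` lines in `{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.Version }}` … `{{- end }}`; if they are not, a `kubeVersion` constraint in Chart.yaml would make the requirement explicit. Unlike `runAsNonRoot` and `readOnlyRootFilesystem` directly above, the new settings are fixed rather than read from `.Values`, which is a sensible hardened default but deserves a short comment such as `# hardening defaults, intentionally not configurable`. The container spec starts and ends outside the hunk, so whether other containers or a pod-level `securityContext` in this Deployment need the same `drop: ["ALL"]` and seccomp settings cannot be confirmed from here.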