define minimal securityContext for cloud provider

Signed-off-by: Ryan Taylor <[email protected]>
kube-vip · Oct 15, 2024 · 1eb7e25 · 1eb7e25
1 parent 8a0cc51
commit 1eb7e25
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/charts/kube-vip-cloud-provider/templates/deployment.yaml b/charts/kube-vip-cloud-provider/templates/deployment.yaml
@@ -22,6 +22,10 @@ spec:
           imagePullPolicy: {{ .Values.image.pullPolicy }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
+          securityContext:
+            allowPrivilegeEscalation: false
+            seccompProfile:
+              type: RuntimeDefault
       serviceAccountName: {{ include "kube-vip-cloud-provider.name" . }}
       {{- if .Values.nodeSelector }}
       nodeSelector: