Moved the seccompProfile patches to istio/base/patches
Signed-off-by: biswajit-9776 <biswajitpatt139@gmail.com>
biswajit-9776 committed Jul 12, 2024
1 parent 86a0a05 commit fb8ff22
Showing 12 changed files with 69 additions and 59 deletions.
2 changes: 2 additions & 0 deletions common/istio-1-22/istio-install/base/kustomization.yaml
Expand Up @@ -16,3 +16,5 @@ patches:
- path: patches/disable-debugging.yaml
- path: patches/istio-ingressgateway-remove-pdb.yaml
- path: patches/istiod-remove-pdb.yaml
- path: patches/seccomp-istio-ingressgateway.yaml
- path: patches/seccomp-istiod.yaml
@@ -0,0 +1,16 @@
# Seccomp profile must be explicitly set to one of the allowed values. Both the Unconfined profile and the absence of a profile are prohibited.
# According to https://kubernetes.io/docs/concepts/security/pod-security-standards/#:~:text=undefined/null-,Seccomp%20(v1.19%2B),-Seccomp%20profile%20must
# This is done to enable 'restricted' level security standards for the pods.
apiVersion: apps/v1
kind: Deployment
metadata:
name: istio-ingressgateway
namespace: istio-system
spec:
template:
spec:
containers:
- name: istio-proxy
securityContext:
seccompProfile:
type: RuntimeDefault
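Review bot: seccompProfile is set only on the istio-proxy entry under spec.template.spec.containers, so any other container or init container in this Deployment's pod still has no profile, and the header comment of this file states that an absent profile is prohibited. Consider setting it once at pod level, under spec.template.spec.securityContext.seccompProfile with type: RuntimeDefault, which applies to every container in the pod; a container-level value can still override it where one is needed.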
16 changes: 16 additions & 0 deletions common/istio-1-22/istio-install/base/patches/seccomp-istiod.yaml
@@ -0,0 +1,16 @@
# Seccomp profile must be explicitly set to one of the allowed values. Both the Unconfined profile and the absence of a profile are prohibited.
# According to https://kubernetes.io/docs/concepts/security/pod-security-standards/#:~:text=undefined/null-,Seccomp%20(v1.19%2B),-Seccomp%20profile%20must
# This is done to enable 'restricted' level security standards for the pods.
apiVersion: apps/v1
kind: Deployment
metadata:
name: istiod
namespace: istio-system
spec:
template:
spec:
containers:
- name: discovery
securityContext:
seccompProfile:
type: RuntimeDefault
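Review bot: the reference in the second comment line is a text-fragment URL (the part after #:~:text=), which depends on the exact wording of the upstream page and stops pointing at the right paragraph as soon as that wording changes. Link to https://kubernetes.io/docs/concepts/security/pod-security-standards/ and name the Seccomp control of the restricted profile in the comment text instead, so the justification for type: RuntimeDefault stays readable without the link.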
Expand Up @@ -3,7 +3,4 @@ kind: Kustomization
resources:
- kf-istio-resources.yaml
- cluster-roles.yaml
namespace: kubeflow
patches:
- path: patches/seccomp-istio-ingressgateway.yaml
- path: patches/seccomp-istiod.yaml
namespace: kubeflow
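Review bot: the last line, namespace: kubeflow, appears both as removed and as re-added, which means deleting the patches block also dropped the trailing newline of the file; the format_YAML_files check reports exactly this at 6:20 (new-line-at-end-of-file). Restore the newline after namespace: kubeflow so the only change in this file is the removal of the three patches lines.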

Check failure on line 6 in common/istio-1-22/kubeflow-istio-resources/base/kustomization.yaml

GitHub Actions / format_YAML_files

6:20 [new-line-at-end-of-file] no new line character at the end of file

This file was deleted.

This file was deleted.

2 changes: 2 additions & 0 deletions common/istio-cni-1-22/istio-install/base/kustomization.yaml
Expand Up @@ -14,3 +14,5 @@ patches:
- path: patches/disable-debugging.yaml
- path: patches/istio-ingressgateway-remove-pdb.yaml
- path: patches/istiod-remove-pdb.yaml
- path: patches/seccomp-istio-ingressgateway.yaml
- path: patches/seccomp-istiod.yaml
@@ -0,0 +1,16 @@
# Seccomp profile must be explicitly set to one of the allowed values. Both the Unconfined profile and the absence of a profile are prohibited.
# According to https://kubernetes.io/docs/concepts/security/pod-security-standards/#:~:text=undefined/null-,Seccomp%20(v1.19%2B),-Seccomp%20profile%20must
# This is done to enable 'restricted' level security standards for the pods.
apiVersion: apps/v1
kind: Deployment
metadata:
name: istio-ingressgateway
namespace: istio-system
spec:
template:
spec:
containers:
- name: istio-proxy
securityContext:
seccompProfile:
type: RuntimeDefault
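Review bot: this file is line for line the same as the istio-ingressgateway seccomp patch added for common/istio-1-22/istio-install/base, and the istiod patch is duplicated in the same way, so a later change to the profile type or the container name has to be made in both trees or the two installs diverge without any error. If the copies have to stay separate, say so in the header comment and name the sibling path, so that a reviewer of a future change knows to check the other one.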
@@ -0,0 +1,16 @@
# Seccomp profile must be explicitly set to one of the allowed values. Both the Unconfined profile and the absence of a profile are prohibited.
# According to https://kubernetes.io/docs/concepts/security/pod-security-standards/#:~:text=undefined/null-,Seccomp%20(v1.19%2B),-Seccomp%20profile%20must
# This is done to enable 'restricted' level security standards for the pods.
apiVersion: apps/v1
kind: Deployment
metadata:
name: istiod
namespace: istio-system
spec:
template:
spec:
containers:
- name: discovery
securityContext:
seccompProfile:
type: RuntimeDefault
Expand Up @@ -4,6 +4,3 @@ resources:
- kf-istio-resources.yaml
- cluster-roles.yaml
namespace: kubeflow
patches:
- path: patches/seccomp-istio-ingressgateway.yaml
- path: patches/seccomp-istiod.yaml

This file was deleted.

This file was deleted.
