diff --git a/charts/spin-operator/templates/deployment.yaml b/charts/spin-operator/templates/deployment.yaml index feeb82b1..0428a7d2 100644 --- a/charts/spin-operator/templates/deployment.yaml +++ b/charts/spin-operator/templates/deployment.yaml @@ -22,6 +22,20 @@ spec: annotations: kubectl.kubernetes.io/default-container: manager spec: + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - key: kubernetes.io/os + operator: In + values: + - linux containers: - args: {{- toYaml .Values.controllerManager.manager.args | nindent 8 }} command: diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index b697e20a..4f37c8fc 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -36,26 +36,20 @@ spec: labels: control-plane: controller-manager spec: - # TODO(user): Uncomment the following code to configure the nodeAffinity expression - # according to the platforms which are supported by your solution. - # It is considered best practice to support multiple architectures. You can - # build your manager image using the makefile target docker-buildx. - # affinity: - # nodeAffinity: - # requiredDuringSchedulingIgnoredDuringExecution: - # nodeSelectorTerms: - # - matchExpressions: - # - key: kubernetes.io/arch - # operator: In - # values: - # - amd64 - # - arm64 - # - ppc64le - # - s390x - # - key: kubernetes.io/os - # operator: In - # values: - # - linux + affinity: + nodeAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + nodeSelectorTerms: + - matchExpressions: + - key: kubernetes.io/arch + operator: In + values: + - amd64 + - arm64 + - key: kubernetes.io/os + operator: In + values: + - linux securityContext: runAsNonRoot: true # TODO(user): For common cases that do not require escalating privileges