diff --git a/Makefile b/Makefile index 3caf2ccd..67ca8d59 100644 --- a/Makefile +++ b/Makefile @@ -461,6 +461,8 @@ deploy-crds: $(KUBECTL) ## Install libsveltos CRDs @echo 'Install libsveltos CRDs' $(KUBECTL) apply -f https://raw.githubusercontent.com/projectsveltos/libsveltos/$(TAG)/manifests/apiextensions.k8s.io_v1_customresourcedefinition_debuggingconfigurations.lib.projectsveltos.io.yaml $(KUBECTL) apply -f https://raw.githubusercontent.com/projectsveltos/libsveltos/$(TAG)/manifests/apiextensions.k8s.io_v1_customresourcedefinition_classifiers.lib.projectsveltos.io.yaml + $(KUBECTL) apply -f https://raw.githubusercontent.com/projectsveltos/libsveltos/$(TAG)/manifests/apiextensions.k8s.io_v1_customresourcedefinition_managementclusterclassifiers.lib.projectsveltos.io.yaml + $(KUBECTL) apply -f https://raw.githubusercontent.com/projectsveltos/libsveltos/$(TAG)/manifests/apiextensions.k8s.io_v1_customresourcedefinition_managementclusterclassifierreports.lib.projectsveltos.io.yaml $(KUBECTL) apply -f https://raw.githubusercontent.com/projectsveltos/libsveltos/$(TAG)/manifests/apiextensions.k8s.io_v1_customresourcedefinition_resourcesummaries.lib.projectsveltos.io.yaml $(KUBECTL) apply -f https://raw.githubusercontent.com/projectsveltos/libsveltos/$(TAG)/manifests/apiextensions.k8s.io_v1_customresourcedefinition_sveltosclusters.lib.projectsveltos.io.yaml $(KUBECTL) apply -f https://raw.githubusercontent.com/projectsveltos/libsveltos/$(TAG)/manifests/apiextensions.k8s.io_v1_customresourcedefinition_clustersets.lib.projectsveltos.io.yaml diff --git a/api/v1beta1/zz_generated.deepcopy.go b/api/v1beta1/zz_generated.deepcopy.go index 9e31aec6..dd08190d 100644 --- a/api/v1beta1/zz_generated.deepcopy.go +++ b/api/v1beta1/zz_generated.deepcopy.go @@ -21,12 +21,11 @@ limitations under the License. package v1beta1 import ( + apiv1beta1 "github.com/projectsveltos/libsveltos/api/v1beta1" corev1 "k8s.io/api/core/v1" - v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/util/intstr" - - apiv1beta1 "github.com/projectsveltos/libsveltos/api/v1beta1" ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. diff --git a/config/manager/manager.yaml b/config/manager/manager.yaml index 58e6088a..6b144952 100644 --- a/config/manager/manager.yaml +++ b/config/manager/manager.yaml @@ -42,6 +42,8 @@ spec: spec: securityContext: runAsNonRoot: true + seccompProfile: + type: RuntimeDefault initContainers: - env: - name: IS_INITIALIZATION diff --git a/manifest/deployment-agentless.yaml b/manifest/deployment-agentless.yaml index f9834fbe..5504187b 100644 --- a/manifest/deployment-agentless.yaml +++ b/manifest/deployment-agentless.yaml @@ -112,6 +112,8 @@ spec: type: RuntimeDefault securityContext: runAsNonRoot: true + seccompProfile: + type: RuntimeDefault serviceAccountName: addon-controller terminationGracePeriodSeconds: 10 volumes: diff --git a/manifest/deployment-shard.yaml b/manifest/deployment-shard.yaml index afc418ad..c17ef18d 100644 --- a/manifest/deployment-shard.yaml +++ b/manifest/deployment-shard.yaml @@ -112,6 +112,8 @@ spec: type: RuntimeDefault securityContext: runAsNonRoot: true + seccompProfile: + type: RuntimeDefault serviceAccountName: addon-controller terminationGracePeriodSeconds: 10 volumes: diff --git a/manifest/manifest.yaml b/manifest/manifest.yaml index a81824d4..5ad7b96c 100644 --- a/manifest/manifest.yaml +++ b/manifest/manifest.yaml @@ -10605,6 +10605,8 @@ spec: type: RuntimeDefault securityContext: runAsNonRoot: true + seccompProfile: + type: RuntimeDefault serviceAccountName: addon-controller terminationGracePeriodSeconds: 10 volumes: diff --git a/pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.go b/pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.go index 2ee42688..05bc3687 100644 --- a/pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.go +++ b/pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.go @@ -60,7 +60,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/projectsveltos/drift-detection-manager@sha256:e37a6fa9d9afb1bf7176334467637336a75690a39549586c4820c429d75eed2c + image: docker.io/projectsveltos/drift-detection-manager@sha256:dfdf852bcbab5ce11a07ec64ec9a4175f8a4cd6359a3ffd9d0a4727efa9533ce livenessProbe: failureThreshold: 3 httpGet: @@ -99,6 +99,8 @@ spec: - ALL securityContext: runAsNonRoot: true + seccompProfile: + type: RuntimeDefault serviceAccountName: drift-detection-manager terminationGracePeriodSeconds: 10 `) diff --git a/pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.yaml b/pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.yaml index 84e11e33..f8c98bf4 100644 --- a/pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.yaml +++ b/pkg/drift-detection/drift-detection-manager-in-mgmt-cluster.yaml @@ -42,7 +42,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/projectsveltos/drift-detection-manager@sha256:e37a6fa9d9afb1bf7176334467637336a75690a39549586c4820c429d75eed2c + image: docker.io/projectsveltos/drift-detection-manager@sha256:dfdf852bcbab5ce11a07ec64ec9a4175f8a4cd6359a3ffd9d0a4727efa9533ce livenessProbe: failureThreshold: 3 httpGet: @@ -81,5 +81,7 @@ spec: - ALL securityContext: runAsNonRoot: true + seccompProfile: + type: RuntimeDefault serviceAccountName: drift-detection-manager terminationGracePeriodSeconds: 10 diff --git a/pkg/drift-detection/drift-detection-manager.go b/pkg/drift-detection/drift-detection-manager.go index e4e0a2ec..c41e1eee 100644 --- a/pkg/drift-detection/drift-detection-manager.go +++ b/pkg/drift-detection/drift-detection-manager.go @@ -162,7 +162,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/projectsveltos/drift-detection-manager@sha256:e37a6fa9d9afb1bf7176334467637336a75690a39549586c4820c429d75eed2c + image: docker.io/projectsveltos/drift-detection-manager@sha256:dfdf852bcbab5ce11a07ec64ec9a4175f8a4cd6359a3ffd9d0a4727efa9533ce livenessProbe: failureThreshold: 3 httpGet: @@ -201,6 +201,8 @@ spec: - ALL securityContext: runAsNonRoot: true + seccompProfile: + type: RuntimeDefault serviceAccountName: drift-detection-manager terminationGracePeriodSeconds: 10 `) diff --git a/pkg/drift-detection/drift-detection-manager.yaml b/pkg/drift-detection/drift-detection-manager.yaml index 49a5ed43..7bee7422 100644 --- a/pkg/drift-detection/drift-detection-manager.yaml +++ b/pkg/drift-detection/drift-detection-manager.yaml @@ -144,7 +144,7 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace - image: docker.io/projectsveltos/drift-detection-manager@sha256:e37a6fa9d9afb1bf7176334467637336a75690a39549586c4820c429d75eed2c + image: docker.io/projectsveltos/drift-detection-manager@sha256:dfdf852bcbab5ce11a07ec64ec9a4175f8a4cd6359a3ffd9d0a4727efa9533ce livenessProbe: failureThreshold: 3 httpGet: @@ -183,5 +183,7 @@ spec: - ALL securityContext: runAsNonRoot: true + seccompProfile: + type: RuntimeDefault serviceAccountName: drift-detection-manager terminationGracePeriodSeconds: 10