Sok3t/descheduler
1
0
Fork 0
mirror of https://github.com/kubernetes-sigs/descheduler.git synced 2026-01-28 06:29:29 +01:00
Code Packages Releases Activity

Update Job and CronJob YAML to run as non-root

Browse Source
This commit is contained in:
Sean Malloy
2021-02-09 23:09:59 -06:00
parent fbd17d4caf
commit dfc76906d4
2 changed files with 16 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
kubernetes/cronjob/cronjob.yaml
View File

@@ -31,6 +31,14 @@ spec:
requests: requests:
cpu: "500m" cpu: "500m"
memory: "256Mi" memory: "256Mi"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
restartPolicy: "Never" restartPolicy: "Never"
serviceAccountName: descheduler-sa serviceAccountName: descheduler-sa
volumes: volumes:

8
kubernetes/job/job.yaml
View File

@@ -29,6 +29,14 @@ spec:
requests: requests:
cpu: "500m" cpu: "500m"
memory: "256Mi" memory: "256Mi"
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
readOnlyRootFilesystem: true
runAsNonRoot: true
restartPolicy: "Never" restartPolicy: "Never"
serviceAccountName: descheduler-sa serviceAccountName: descheduler-sa
volumes: volumes: