diff --git a/pkg/fixtures/deployments/helm/charts/values.yaml b/pkg/fixtures/deployments/helm/charts/values.yaml
index 0fdcf0287..c22651879 100644
--- a/pkg/fixtures/deployments/helm/charts/values.yaml
+++ b/pkg/fixtures/deployments/helm/charts/values.yaml
@@ -93,20 +93,18 @@ securityContext:
 drop:
 - ALL
 add:
- - SETPCAP
- - MKNOD
 - AUDIT_WRITE
 - CHOWN
 - DAC_OVERRIDE
 - FOWNER
 - FSETID
 - KILL
+ - MKNOD
+ - NET_BIND_SERVICE
+ - SETPCAP
 - SETGID
 - SETUID
- - NET_BIND_SERVICE
 - SYS_CHROOT
- - SETFCAP
- - SYS_PTRACE
 envVars:
diff --git a/pkg/fixtures/deployments/kustomize/base/deployment-override-workload-identity.yaml b/pkg/fixtures/deployments/kustomize/base/deployment-override-workload-identity.yaml
index 32f183c9c..7e71af8b5 100644
--- a/pkg/fixtures/deployments/kustomize/base/deployment-override-workload-identity.yaml
+++ b/pkg/fixtures/deployments/kustomize/base/deployment-override-workload-identity.yaml
@@ -63,20 +63,18 @@ spec:
 drop:
 - ALL
 add:
- - SETPCAP
- - MKNOD
 - AUDIT_WRITE
 - CHOWN
 - DAC_OVERRIDE
 - FOWNER
 - FSETID
 - KILL
+ - MKNOD
+ - NET_BIND_SERVICE
+ - SETPCAP
 - SETGID
 - SETUID
- - NET_BIND_SERVICE
 - SYS_CHROOT
- - SETFCAP
- - SYS_PTRACE
 affinity:
 podAntiAffinity:
 preferredDuringSchedulingIgnoredDuringExecution:
diff --git a/pkg/fixtures/deployments/kustomize/base/deployment.yaml b/pkg/fixtures/deployments/kustomize/base/deployment.yaml
index afcc0b950..2f60640ee 100644
--- a/pkg/fixtures/deployments/kustomize/base/deployment.yaml
+++ b/pkg/fixtures/deployments/kustomize/base/deployment.yaml
@@ -61,20 +61,18 @@ spec:
 drop:
 - ALL
 add:
- - SETPCAP
- - MKNOD
 - AUDIT_WRITE
 - CHOWN
 - DAC_OVERRIDE
 - FOWNER
 - FSETID
 - KILL
+ - MKNOD
+ - NET_BIND_SERVICE
+ - SETPCAP
 - SETGID
 - SETUID
- - NET_BIND_SERVICE
 - SYS_CHROOT
- - SETFCAP
- - SYS_PTRACE
 affinity:
 podAntiAffinity:
 preferredDuringSchedulingIgnoredDuringExecution:
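Review bot: The `add:` list still re-grants twelve capabilities after `drop: ALL`, among them `DAC_OVERRIDE`, `SETUID`/`SETGID`, `SETPCAP`, `MKNOD` and `SYS_CHROOT`, and nothing in the hunk records which of them the workload needs; this applies equally to the other seven hunks in this diff, which carry the same list. What remains looks close to a typical container-runtime default set, so dropping `SETFCAP` and `SYS_PTRACE` narrows the grant only modestly. I would add a comment above `add:` such as `# Re-added after drop: ALL; keep only what the container needs and note the reason per entry`, and trim entries that turn out to be unused. As a style point, `SETPCAP` is placed before `SETGID`, which breaks the otherwise alphabetical order the reordering seems to aim for. The enclosing `securityContext` block begins outside the hunk, so settings such as privilege escalation or the run-as user cannot be checked from here.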
diff --git a/pkg/fixtures/deployments/manifest/manifests/deployment-override-workload-identity.yaml b/pkg/fixtures/deployments/manifest/manifests/deployment-override-workload-identity.yaml
index 0e432e49a..d84ddaaf3 100755
--- a/pkg/fixtures/deployments/manifest/manifests/deployment-override-workload-identity.yaml
+++ b/pkg/fixtures/deployments/manifest/manifests/deployment-override-workload-identity.yaml
@@ -63,20 +63,18 @@ spec:
 drop:
 - ALL
 add:
- - SETPCAP
- - MKNOD
 - AUDIT_WRITE
 - CHOWN
 - DAC_OVERRIDE
 - FOWNER
 - FSETID
 - KILL
+ - MKNOD
+ - NET_BIND_SERVICE
+ - SETPCAP
 - SETGID
 - SETUID
- - NET_BIND_SERVICE
 - SYS_CHROOT
- - SETFCAP
- - SYS_PTRACE
 affinity:
 podAntiAffinity:
 preferredDuringSchedulingIgnoredDuringExecution:
diff --git a/pkg/fixtures/deployments/manifest/manifests/deployment.yaml b/pkg/fixtures/deployments/manifest/manifests/deployment.yaml
index afcc0b950..2f60640ee 100644
--- a/pkg/fixtures/deployments/manifest/manifests/deployment.yaml
+++ b/pkg/fixtures/deployments/manifest/manifests/deployment.yaml
@@ -61,20 +61,18 @@ spec:
 drop:
 - ALL
 add:
- - SETPCAP
- - MKNOD
 - AUDIT_WRITE
 - CHOWN
 - DAC_OVERRIDE
 - FOWNER
 - FSETID
 - KILL
+ - MKNOD
+ - NET_BIND_SERVICE
+ - SETPCAP
 - SETGID
 - SETUID
- - NET_BIND_SERVICE
 - SYS_CHROOT
- - SETFCAP
- - SYS_PTRACE
 affinity:
 podAntiAffinity:
 preferredDuringSchedulingIgnoredDuringExecution:
diff --git a/template/deployments/helm/charts/values.yaml b/template/deployments/helm/charts/values.yaml
index 9bceb7bc1..43b458b96 100644
--- a/template/deployments/helm/charts/values.yaml
+++ b/template/deployments/helm/charts/values.yaml
@@ -115,20 +115,18 @@ securityContext:
 drop:
 - ALL
 add:
- - SETPCAP
- - MKNOD
 - AUDIT_WRITE
 - CHOWN
 - DAC_OVERRIDE
 - FOWNER
 - FSETID
 - KILL
+ - MKNOD
+ - NET_BIND_SERVICE
+ - SETPCAP
 - SETGID
 - SETUID
- - NET_BIND_SERVICE
 - SYS_CHROOT
- - SETFCAP
- - SYS_PTRACE
 envVars:
 {{- range $key, $value := .Config.GetVariableValue "ENVVARS" }}
diff --git a/template/deployments/kustomize/base/deployment.yaml b/template/deployments/kustomize/base/deployment.yaml
index 36b428169..eb2053dc9 100644
--- a/template/deployments/kustomize/base/deployment.yaml
+++ b/template/deployments/kustomize/base/deployment.yaml
@@ -85,20 +85,18 @@ spec:
 drop:
 - ALL
 add:
- - SETPCAP
- - MKNOD
 - AUDIT_WRITE
 - CHOWN
 - DAC_OVERRIDE
 - FOWNER
 - FSETID
 - KILL
+ - MKNOD
+ - NET_BIND_SERVICE
+ - SETPCAP
 - SETGID
 - SETUID
- - NET_BIND_SERVICE
 - SYS_CHROOT
- - SETFCAP
- - SYS_PTRACE
 affinity:
 podAntiAffinity:
 preferredDuringSchedulingIgnoredDuringExecution:
diff --git a/template/deployments/manifests/manifests/deployment.yaml b/template/deployments/manifests/manifests/deployment.yaml
index 36b428169..eb2053dc9 100644
--- a/template/deployments/manifests/manifests/deployment.yaml
+++ b/template/deployments/manifests/manifests/deployment.yaml
@@ -85,20 +85,18 @@ spec:
 drop:
 - ALL
 add:
- - SETPCAP
- - MKNOD
 - AUDIT_WRITE
 - CHOWN
 - DAC_OVERRIDE
 - FOWNER
 - FSETID
 - KILL
+ - MKNOD
+ - NET_BIND_SERVICE
+ - SETPCAP
 - SETGID
 - SETUID
- - NET_BIND_SERVICE
 - SYS_CHROOT
- - SETFCAP
- - SYS_PTRACE
 affinity:
 podAntiAffinity:
 preferredDuringSchedulingIgnoredDuringExecution: