Skip to content
This repository has been archived by the owner on Aug 21, 2023. It is now read-only.

Commit

Permalink
Added volumetypes to PSP to prevent issue spinning pods as described …
Browse files Browse the repository at this point in the history 
…at: giantswarm/roadmap#259 (comment).
  • Loading branch information
@Strigix
Strigix committed Feb 28, 2023
1 parent ce6418f commit 91ca540
Show file tree
Hide file tree
Showing 2 changed files with 11 additions and 0 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
View file
Original file line number Diff line number Diff line change
Expand Up @@ -15,6 +15,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0

- Use of default/runtime seccomp profile.

### Changed

- Added extra volumetypes to PSP to prevent pods being blocked from running after adding seccompannotation.

## [0.5.5] - 2023-02-08

### Changed
Expand Down
7 changes: 7 additions & 0 deletions helm/dns-operator-aws/templates/psp.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,13 @@ spec:
rule: RunAsAny
supplementalGroups:
rule: RunAsAny
volumes:
- emptyDir
- secret
- downwardAPI
- configMap
- persistentVolumeClaim
- projected
allowPrivilegeEscalation: false
hostNetwork: false
hostIPC: false
Expand Down

0 comments on commit 91ca540

Please sign in to comment.