Adding recommendations from tallclair.

Paulo Gomes
2019-09-11 19:30:32 +01:00
parent 8dcc976db3
commit 72ee17c5ca
3 changed files with 3 additions and 12 deletions


@@ -82,13 +82,12 @@ spec:
labels: labels:
k8s-app: kube-dns k8s-app: kube-dns
annotations: annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default' seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
prometheus.io/port: "10054" prometheus.io/port: "10054"
prometheus.io/scrape: "true" prometheus.io/scrape: "true"
spec: spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
securityContext: securityContext:
runAsNonRoot: true
supplementalGroups: [ 65534 ] supplementalGroups: [ 65534 ]
fsGroup: 65534 fsGroup: 65534
tolerations: tolerations:
@@ -198,8 +197,6 @@ spec:
mountPath: /etc/k8s/dns/dnsmasq-nanny mountPath: /etc/k8s/dns/dnsmasq-nanny
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
runAsNonRoot: false
capabilities: capabilities:
drop: drop:
- all - all
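Review bot: After this change no `runAsNonRoot` setting is visible at either level: the pod-level `securityContext` loses `runAsNonRoot: true` and the container `securityContext` in the second hunk loses its `runAsNonRoot: false` override, so the kubelet would no longer refuse to start a container in this pod as UID 0. If only the container that mounts `/etc/k8s/dns/dnsmasq-nanny` needs root, consider keeping `runAsNonRoot: true` on the pod and the explicit `runAsNonRoot: false` on that one container, with a comment saying why it needs root. Dropping `readOnlyRootFilesystem: false` only removes a restatement of the default; setting it to `true` is worth testing as a follow-up. The `securityContext` blocks of the other containers lie outside these hunks and may already set this per container; the same two hunks appear in the other two file sections of this commit, so the point applies there as well.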


@@ -82,13 +82,12 @@ spec:
labels: labels:
k8s-app: kube-dns k8s-app: kube-dns
annotations: annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default' seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
prometheus.io/port: "10054" prometheus.io/port: "10054"
prometheus.io/scrape: "true" prometheus.io/scrape: "true"
spec: spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
securityContext: securityContext:
runAsNonRoot: true
supplementalGroups: [ 65534 ] supplementalGroups: [ 65534 ]
fsGroup: 65534 fsGroup: 65534
tolerations: tolerations:
@@ -198,8 +197,6 @@ spec:
mountPath: /etc/k8s/dns/dnsmasq-nanny mountPath: /etc/k8s/dns/dnsmasq-nanny
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
runAsNonRoot: false
capabilities: capabilities:
drop: drop:
- all - all


@@ -82,13 +82,12 @@ spec:
labels: labels:
k8s-app: kube-dns k8s-app: kube-dns
annotations: annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default' seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
prometheus.io/port: "10054" prometheus.io/port: "10054"
prometheus.io/scrape: "true" prometheus.io/scrape: "true"
spec: spec:
priorityClassName: system-cluster-critical priorityClassName: system-cluster-critical
securityContext: securityContext:
runAsNonRoot: true
supplementalGroups: [ 65534 ] supplementalGroups: [ 65534 ]
fsGroup: 65534 fsGroup: 65534
tolerations: tolerations:
@@ -198,8 +197,6 @@ spec:
mountPath: /etc/k8s/dns/dnsmasq-nanny mountPath: /etc/k8s/dns/dnsmasq-nanny
securityContext: securityContext:
allowPrivilegeEscalation: false allowPrivilegeEscalation: false
readOnlyRootFilesystem: false
runAsNonRoot: false
capabilities: capabilities:
drop: drop:
- all - all