Use seccomp profile RuntimeDefault

Signed-off-by: Tamal Saha <[email protected]>

deploy/cluster-manager/config/operator/operator.yaml

@@ -56,6 +56,8 @@ spec:
           privileged: false
           runAsNonRoot: true
           readOnlyRootFilesystem: true
+          seccompProfile:
+            type: RuntimeDefault
         livenessProbe:
           httpGet:
             path: /healthz

deploy/klusterlet/config/operator/operator.yaml

@@ -60,6 +60,8 @@ spec:
           privileged: false
           runAsNonRoot: true
           readOnlyRootFilesystem: true
+          seccompProfile:
+            type: RuntimeDefault
         livenessProbe:
           httpGet:
             path: /healthz

manifests/cluster-manager/management/cluster-manager-addon-manager-deployment.yaml

@@ -69,6 +69,8 @@ spec:
           privileged: false
           runAsNonRoot: true
           readOnlyRootFilesystem: true
+          seccompProfile:
+            type: RuntimeDefault
         livenessProbe:
           httpGet:
             path: /healthz

manifests/cluster-manager/management/cluster-manager-manifestworkreplicaset-deployment.yaml

@@ -73,6 +73,8 @@ spec:
           privileged: false
           runAsNonRoot: true
           readOnlyRootFilesystem: true
+          seccompProfile:
+            type: RuntimeDefault
         livenessProbe:
           httpGet:
             path: /healthz

manifests/cluster-manager/management/cluster-manager-placement-deployment.yaml

@@ -65,6 +65,8 @@ spec:
           privileged: false
           runAsNonRoot: true
           readOnlyRootFilesystem: true
+          seccompProfile:
+            type: RuntimeDefault
         livenessProbe:
           httpGet:
             path: /healthz

manifests/cluster-manager/management/cluster-manager-registration-deployment.yaml

@@ -73,6 +73,8 @@ spec:
           privileged: false
           runAsNonRoot: true
           readOnlyRootFilesystem: true
+          seccompProfile:
+            type: RuntimeDefault
         livenessProbe:
           httpGet:
             path: /healthz

manifests/cluster-manager/management/cluster-manager-registration-webhook-deployment.yaml

@@ -81,6 +81,8 @@ spec:
           privileged: false
           runAsNonRoot: true
           readOnlyRootFilesystem: true
+          seccompProfile:
+            type: RuntimeDefault
         livenessProbe:
           httpGet:
             path: /healthz

manifests/cluster-manager/management/cluster-manager-work-webhook-deployment.yaml

@@ -66,6 +66,8 @@ spec:
           privileged: false
           runAsNonRoot: true
           readOnlyRootFilesystem: true
+          seccompProfile:
+            type: RuntimeDefault
         livenessProbe:
           httpGet:
             path: /healthz

manifests/klusterlet/management/klusterlet-agent-deployment.yaml

@@ -115,6 +115,8 @@ spec:
           privileged: false
           runAsNonRoot: true
           readOnlyRootFilesystem: true
+          seccompProfile:
+            type: RuntimeDefault
         volumeMounts:
         - name: bootstrap-secret
           mountPath: "/spoke/bootstrap"

manifests/klusterlet/management/klusterlet-registration-deployment.yaml

@@ -103,6 +103,8 @@ spec:
           privileged: false
           runAsNonRoot: true
           readOnlyRootFilesystem: true
+          seccompProfile:
+            type: RuntimeDefault
         volumeMounts:
         - name: bootstrap-secret
           mountPath: "/spoke/bootstrap"

manifests/klusterlet/management/klusterlet-work-deployment.yaml

@@ -101,6 +101,8 @@ spec:
           privileged: false
           runAsNonRoot: true
           readOnlyRootFilesystem: true
+          seccompProfile:
+            type: RuntimeDefault
         volumeMounts:
         - name: hub-kubeconfig-secret
           mountPath: "/spoke/hub-kubeconfig"