lzc256
/
tailscale
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge f8356c9dee into 909e9eabe4

pull/7361/merge
Thomas 2023-06-19 11:53:20 -04:00 committed by GitHub
parent 909e9eabe4 f8356c9dee
commit e819c592a1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 57 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
cmd/k8s-operator/manifests/operator.yaml
View File

@ -119,6 +119,8 @@ spec:
spec: spec:
serviceAccountName: operator serviceAccountName: operator
volumes: volumes:
- name: config
emptyDir: {}
- name: oauth - name: oauth
secret: secret:
secretName: operator-oauth secretName: operator-oauth
@ -151,6 +153,20 @@ spec:
- name: AUTH_PROXY - name: AUTH_PROXY
value: "false" value: "false"
volumeMounts: volumeMounts:
- name: config
mountPath: /.config
- name: oauth - name: oauth
mountPath: /oauth mountPath: /oauth
readOnly: true readOnly: true
securityContext:
capabilities:
drop:
- ALL
allowPrivilegeEscalation: false
securityContext:
runAsUser: 1000
runAsGroup: 3000
runAsNonRoot: true
fsGroup: 2000
seccompProfile:
type: RuntimeDefault

15
cmd/k8s-operator/manifests/proxy.yaml
View File

@ -14,7 +14,10 @@ spec:
- name: sysctler - name: sysctler
image: busybox image: busybox
securityContext: securityContext:
privileged: true capabilities:
drop:
- ALL
allowPrivilegeEscalation: false
command: ["/bin/sh"] command: ["/bin/sh"]
args: args:
- -c - -c
@ -35,3 +38,13 @@ spec:
capabilities: capabilities:
add: add:
- NET_ADMIN - NET_ADMIN
drop:
- ALL
allowPrivilegeEscalation: false
securityContext:
runAsUser: 1000
runAsGroup: 3000
runAsNonRoot: true
fsGroup: 2000
seccompProfile:
type: RuntimeDefault