You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
65 lines
1.7 KiB
65 lines
1.7 KiB
apiVersion: kustomize.config.k8s.io/v1beta1
|
|
kind: Kustomization
|
|
resources:
|
|
- resources.yaml
|
|
- aggregated-roles.yaml
|
|
namespace: kubeflow
|
|
patches:
|
|
- target:
|
|
kind: Deployment
|
|
name: spark-operator-webhook
|
|
patch: |-
|
|
- op: add
|
|
path: /spec/template/spec/containers/0/securityContext
|
|
value:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
privileged: false
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
seccompProfile:
|
|
type: RuntimeDefault # Only this is missing upstream!
|
|
- target:
|
|
kind: Deployment
|
|
name: spark-operator-controller
|
|
patch: |-
|
|
- op: add
|
|
path: /spec/template/spec/containers/0/securityContext
|
|
value:
|
|
allowPrivilegeEscalation: false
|
|
capabilities:
|
|
drop:
|
|
- ALL
|
|
privileged: false
|
|
readOnlyRootFilesystem: true
|
|
runAsNonRoot: true
|
|
seccompProfile:
|
|
type: RuntimeDefault # only this is missing upstream!
|
|
- target:
|
|
kind: Deployment
|
|
name: spark-operator-webhook
|
|
patch: |-
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: spark-operator-webhook
|
|
spec:
|
|
template:
|
|
metadata:
|
|
labels:
|
|
sidecar.istio.io/inject: "false"
|
|
- target:
|
|
kind: Deployment
|
|
name: spark-operator-controller
|
|
patch: |-
|
|
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: spark-operator-controller
|
|
spec:
|
|
template:
|
|
metadata:
|
|
labels:
|
|
sidecar.istio.io/inject: "false"
|
|
|