Add RuntimeDefault seccomp profiles to all managed workloads

Addresses 32 CIS Kubernetes Benchmark failures from Prowler scan
(core_seccomp_profile_docker_default). Applied pod-level seccomp
RuntimeDefault to 18 deployments/statefulsets and 2 cronjobs.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Erich Blume 2026-03-24 16:19:40 -07:00
commit 07e9c810ca
21 changed files with 55 additions and 0 deletions


@ -18,6 +18,8 @@ spec:
fsGroup: 10001
runAsNonRoot: true
runAsUser: 10001
seccompProfile:
type: RuntimeDefault
containers:
- name: loki
image: grafana/loki:kustomized
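
Review bot: the seccompProfile added next to runAsUser sits in the pod-level securityContext, so it only applies to containers that do not set their own securityContext.seccompProfile, and the loki container's securityContext is not visible in this hunk. Please confirm that no container or init container in this workload carries a container-level seccompProfile (for example type: Unconfined) that would override RuntimeDefault. The commit message counts 32 findings against 20 workloads, so a re-run of the Prowler check core_seccomp_profile_docker_default after rollout would show whether all of them actually clear.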