Apply trivy recommended hardening

Signed-off-by: Pat Riehecky <[email protected]>

deploy/chart/local-path-provisioner/templates/deployment.yaml

@@ -74,6 +74,9 @@ spec:
           env:
             - name: POD_NAMESPACE
               value: {{ .Release.Namespace }}
+          {{- with .Values.containerSecurityContext }}
+          securityContext: {{ toYaml .| nindent 12 }}
+          {{- end }}
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
       volumes:

deploy/chart/local-path-provisioner/values.yaml

@@ -23,6 +23,11 @@ imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""
 
+podSecurityContext: {}
+containerSecurityContext:
+  seccompProfile:
+    type: RuntimeDefault
+
 ## For creating the StorageClass automatically:
 storageClass:
   create: true

deploy/local-path-storage.yaml

@@ -78,6 +78,9 @@ spec:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
+          securityContext:
+            seccompProfile:
+              type: RuntimeDefault
       volumes:
         - name: config-volume
           configMap:

deploy/provisioner.yaml

@@ -32,6 +32,9 @@ spec:
               valueFrom:
                 fieldRef:
                   fieldPath: metadata.namespace
+          securityContext:
+            seccompProfile:
+              type: RuntimeDefault
       volumes:
         - name: config-volume
           configMap: