Skip to content

Commit

Permalink
Tighten permissions
Browse files Browse the repository at this point in the history
  • Loading branch information
@atanasovskib
atanasovskib committed Apr 12, 2024
1 parent 77a9cb2 commit 2ac1ea4
Show file tree
Hide file tree
Showing 3 changed files with 3 additions and 3 deletions.
1 change: 1 addition & 0 deletions charts/gpu-metrics-exporter/templates/daemonset.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,7 @@ apiVersion: apps/v1
kind: DaemonSet
metadata:
name: {{ include "gpu-metrics-exporter.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
{{- include "gpu-metrics-exporter.labels" . | nindent 4 }}
spec:
Expand Down
2 changes: 0 additions & 2 deletions charts/gpu-metrics-exporter/values.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,5 +44,3 @@ dcgmExporter:
securityContext:
privileged: true
readOnlyRootFilesystem: true
allowPrivilegeEscalation: false
runAsNonRoot: true
3 changes: 2 additions & 1 deletion kube-linter-config.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,4 +2,5 @@ checks:
exclude:
- "unset-cpu-requirements"
- "unset-memory-requirements"
- "privilege-escalation-container"
- "privileged-container"
- "run-as-non-root"

0 comments on commit 2ac1ea4

Please sign in to comment.