From 7d9a450ec9e5b792e149b59260378bd4bdfe9657 Mon Sep 17 00:00:00 2001
From: Ryan Taylor <1686627+rptaylor@users.noreply.github.com>
Date: Fri, 3 Jan 2025 12:26:32 -0800
Subject: [PATCH] helm chart: apply least required privileges in security contexts
---
 charts/kueue/Chart.yaml | 2 +-
 charts/kueue/values.yaml | 5 +++++
 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/charts/kueue/Chart.yaml b/charts/kueue/Chart.yaml
index f9882fa521..fe967ab9df 100644
--- a/charts/kueue/Chart.yaml
+++ b/charts/kueue/Chart.yaml
@@ -13,7 +13,7 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.0
+version: 0.1.1
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
diff --git a/charts/kueue/values.yaml b/charts/kueue/values.yaml
index 645ea55788..fca16ddda0 100644
--- a/charts/kueue/values.yaml
+++ b/charts/kueue/values.yaml
@@ -29,8 +29,13 @@ controllerManager:
 memory: 512Mi
 podSecurityContext:
 runAsNonRoot: true
+ seccompProfile:
+ type: RuntimeDefault
 containerSecurityContext:
 allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - ALL
 replicas: 1
 imagePullSecrets: []
 readinessProbe:
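Review bot: `containerSecurityContext` in the values.yaml hunk still leaves `readOnlyRootFilesystem` unset, so the manager container keeps a writable root filesystem even though the commit aims for least required privileges. If the manager writes only to mounted volumes (not visible from this hunk), add `readOnlyRootFilesystem: true` next to `allowPrivilegeEscalation: false`. A comment above `podSecurityContext` would also help, for example `# These defaults cover the securityContext fields checked by the "restricted" Pod Security Standard; relax them only if your runtime requires it`, so users who override these maps know what they are giving up. The values take effect only where the chart templates render them, and those templates are outside this diff, so it is worth confirming that every container in the pod template receives `containerSecurityContext`.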