Add seccompProfile to Helm chart (#2323)

Problem: Not specifying the seccompProfile gives warnings in certain
enviroments

Solution: Set the seccompProfile

Author: lucacome

charts/nginx-gateway-fabric/templates/deployment.yaml

@@ -115,6 +115,8 @@ spec:
           periodSeconds: 1
         {{- end }}
         securityContext:
+          seccompProfile:
+            type: RuntimeDefault
           allowPrivilegeEscalation: {{ .Values.nginxGateway.securityContext.allowPrivilegeEscalation }}
           capabilities:
             add:
@@ -151,6 +153,8 @@ spec:
         - containerPort: 443
           name: https
         securityContext:
+          seccompProfile:
+            type: RuntimeDefault
           capabilities:
             add:
             - NET_BIND_SERVICE

charts/nginx-gateway-fabric/templates/scc.yaml

@@ -27,6 +27,8 @@ supplementalGroups:
     max: 1001
 seLinuxContext:
   type: MustRunAs
+seccompProfiles:
+- runtime/default
 volumes:
 - emptyDir
 - secret

config/tests/static-deployment.yaml

@@ -58,6 +58,8 @@ spec:
           initialDelaySeconds: 3
           periodSeconds: 1
         securityContext:
+          seccompProfile:
+            type: RuntimeDefault
           allowPrivilegeEscalation: false
           capabilities:
             add:
@@ -87,6 +89,8 @@ spec:
         - containerPort: 443
           name: https
         securityContext:
+          seccompProfile:
+            type: RuntimeDefault
           capabilities:
             add:
             - NET_BIND_SERVICE

deploy/manifests/nginx-gateway-experimental.yaml

@@ -214,6 +214,8 @@ spec:
           initialDelaySeconds: 3
           periodSeconds: 1
         securityContext:
+          seccompProfile:
+            type: RuntimeDefault
           allowPrivilegeEscalation: false
           capabilities:
             add:
@@ -243,6 +245,8 @@ spec:
         - containerPort: 443
           name: https
         securityContext:
+          seccompProfile:
+            type: RuntimeDefault
           capabilities:
             add:
             - NET_BIND_SERVICE

deploy/manifests/nginx-gateway.yaml

@@ -210,6 +210,8 @@ spec:
           initialDelaySeconds: 3
           periodSeconds: 1
         securityContext:
+          seccompProfile:
+            type: RuntimeDefault
           allowPrivilegeEscalation: false
           capabilities:
             add:
@@ -239,6 +241,8 @@ spec:
         - containerPort: 443
           name: https
         securityContext:
+          seccompProfile:
+            type: RuntimeDefault
           capabilities:
             add:
             - NET_BIND_SERVICE

deploy/manifests/nginx-plus-gateway-experimental.yaml

@@ -221,6 +221,8 @@ spec:
           initialDelaySeconds: 3
           periodSeconds: 1
         securityContext:
+          seccompProfile:
+            type: RuntimeDefault
           allowPrivilegeEscalation: false
           capabilities:
             add:
@@ -250,6 +252,8 @@ spec:
         - containerPort: 443
           name: https
         securityContext:
+          seccompProfile:
+            type: RuntimeDefault
           capabilities:
             add:
             - NET_BIND_SERVICE

deploy/manifests/nginx-plus-gateway.yaml

@@ -217,6 +217,8 @@ spec:
           initialDelaySeconds: 3
           periodSeconds: 1
         securityContext:
+          seccompProfile:
+            type: RuntimeDefault
           allowPrivilegeEscalation: false
           capabilities:
             add:
@@ -246,6 +248,8 @@ spec:
         - containerPort: 443
           name: https
         securityContext:
+          seccompProfile:
+            type: RuntimeDefault
           capabilities:
             add:
             - NET_BIND_SERVICE

deploy/manifests/scc.yaml

@@ -28,6 +28,8 @@ supplementalGroups:
     max: 1001
 seLinuxContext:
   type: MustRunAs
+seccompProfiles:
+- runtime/default
 volumes:
 - emptyDir
 - secret