[SECURITY] Set seccompProfile to RuntimeDefault for OpenSearch, OpenS…

…earch Dashboards and Fluent Bit pods

CHANGELOG.md

@@ -1,5 +1,10 @@
 # SAS Viya Monitoring for Kubernetes
 
+## Unreleased
+* **Logging**
+  * [SECURITY] Set `seccompProfile` to `RuntimeDefault` for OpenSearch, OpenSearch Dashboards and Fluent Bit pods in
+non-OpenShift environments.
+
 ## Version 1.2.31 (15NOV2024)
 * **Logging**
   * [UPGRADE] OpenSearch and OpenSearch Dashboards upgraded from 2.15.0 to 2.17.1

logging/fb/fluent-bit_helm_values_azmonitor.yaml

@@ -69,3 +69,7 @@ resources:
   requests:
     cpu: 100m
     memory: 128Mi
+
+podSecurityContext:
+  seccompProfile:
+    type: RuntimeDefault

logging/fb/fluent-bit_helm_values_events.yaml

@@ -38,6 +38,10 @@ securityContext:
   runAsUser: 1001
   readOnlyRootFilesystem: true
 
+podSecurityContext:
+  seccompProfile:
+    type: RuntimeDefault
+
 resources:
 #  limits:
 #    cpu: 100m

logging/fb/fluent-bit_helm_values_opensearch.yaml

@@ -63,3 +63,7 @@ resources:
   requests:
     cpu: 100m
     memory: 128Mi
+
+podSecurityContext:
+  seccompProfile:
+    type: RuntimeDefault

logging/opensearch/opensearch_helm_values.yaml

@@ -175,3 +175,8 @@ sysctlInit:
 
 #sysctlVmMaxMapCount:
 #  262144
+
+
+podSecurityContext:
+  seccompProfile: 
+    type: RuntimeDefault

logging/opensearch/osd_helm_values.yaml

@@ -69,3 +69,8 @@ config:
 securityContext:
   readOnlyRootFilesystem: true
   allowPrivilegeEscalation: false
+
+podSecurityContext:
+  seccompProfile: 
+    type: RuntimeDefault
+

logging/openshift/values-fluent-bit-events.yaml

@@ -1,3 +1,4 @@
+podSecurityContext: null
 securityContext: 
   privileged: true
 openShift:

logging/openshift/values-fluent-bit.yaml

@@ -1,3 +1,4 @@
+podSecurityContext: null
 securityContext: 
   privileged: true
 openShift: