fix pss restricted warnings

Signed-off-by: Harshvir Potpose <hpotpose62@gmail.com>

Author: akagami-harsh

manifests/v1beta1/components/controller/controller.yaml

@@ -58,6 +58,15 @@ spec:
               name: katib-config
               subPath: katib-config.yaml
               readOnly: true
+          securityContext:
+            runAsNonRoot: true
+            allowPrivilegeEscalation: false
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+            capabilities:
+              drop:
+              - ALL
       volumes:
         - name: cert
           secret:

manifests/v1beta1/components/controller/trial-templates.yaml

@@ -15,7 +15,7 @@ data:
         spec:
           containers:
             - name: training-container
-              image: docker.io/kubeflowkatib/pytorch-mnist-cpu:latest
+              image: docker.io/kubeflowkatib/pytorch-mnist-cpu:v0.18.0-rc.0
               command:
                 - "python3"
                 - "/opt/pytorch-mnist/mnist.py"
@@ -33,7 +33,7 @@ data:
         spec:
           containers:
             - name: training-container
-              image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:latest
+              image: docker.io/kubeflowkatib/enas-cnn-cifar10-cpu:v0.18.0-rc.0
               command:
                 - python3
                 - -u
@@ -54,7 +54,7 @@ data:
             spec:
               containers:
                 - name: pytorch
-                  image: docker.io/kubeflowkatib/pytorch-mnist-cpu:latest
+                  image: docker.io/kubeflowkatib/pytorch-mnist-cpu:v0.18.0-rc.0
                   command:
                     - "python3"
                     - "/opt/pytorch-mnist/mnist.py"
@@ -68,7 +68,7 @@ data:
             spec:
               containers:
                 - name: pytorch
-                  image: docker.io/kubeflowkatib/pytorch-mnist-cpu:latest
+                  image: docker.io/kubeflowkatib/pytorch-mnist-cpu:v0.18.0-rc.0
                   command:
                     - "python3"
                     - "/opt/pytorch-mnist/mnist.py"

manifests/v1beta1/components/db-manager/db-manager.yaml

@@ -40,3 +40,12 @@ spec:
             initialDelaySeconds: 10
             periodSeconds: 60
             failureThreshold: 5
+          securityContext:
+            runAsNonRoot: true
+            allowPrivilegeEscalation: false
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+            capabilities:
+              drop:
+              - ALL

manifests/v1beta1/components/mysql/mysql.yaml

@@ -68,6 +68,15 @@ spec:
           volumeMounts:
             - name: katib-mysql
               mountPath: /var/lib/mysql
+          securityContext:
+            runAsNonRoot: true
+            allowPrivilegeEscalation: false
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+            capabilities:
+              drop:
+              - ALL
       volumes:
         - name: katib-mysql
           persistentVolumeClaim:

manifests/v1beta1/components/ui/ui.yaml

@@ -33,4 +33,13 @@ spec:
           ports:
             - name: ui
               containerPort: 8080
+          securityContext:
+            runAsNonRoot: true
+            allowPrivilegeEscalation: false
+            runAsUser: 1000
+            seccompProfile:
+              type: RuntimeDefault
+            capabilities:
+              drop:
+              - ALL
       serviceAccountName: katib-ui