Use default seccomp profile for GCE manifests

2025-09-15 14:14:39 +00:00 · 2018-05-24 10:31:28 -07:00
parent d02cf08e27
commit 227f7d761d
8 changed files with 15 additions and 5 deletions
--- a/cluster/gce/manifests/cluster-autoscaler.manifest
+++ b/cluster/gce/manifests/cluster-autoscaler.manifest
@@ -7,6 +7,9 @@
        "labels": {
            "tier": "cluster-management",
            "component": "cluster-autoscaler"
+        },
+        "annotations": {
+            "seccomp.security.alpha.kubernetes.io/pod": "docker/default"
        }
    },
    "spec": {
--- a/cluster/gce/manifests/etcd-empty-dir-cleanup.yaml
+++ b/cluster/gce/manifests/etcd-empty-dir-cleanup.yaml
@@ -5,6 +5,7 @@ metadata:
  namespace: kube-system
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ''
+    seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
  labels:
    k8s-app: etcd-empty-dir-cleanup
 spec:
--- a/cluster/gce/manifests/etcd.manifest
+++ b/cluster/gce/manifests/etcd.manifest
@@ -5,7 +5,8 @@
  "name":"etcd-server{{ suffix }}",
  "namespace": "kube-system",
  "annotations": {
-    "scheduler.alpha.kubernetes.io/critical-pod": ""
+    "scheduler.alpha.kubernetes.io/critical-pod": "",
+    "seccomp.security.alpha.kubernetes.io/pod": "docker/default"
  }
 },
 "spec":{
@@ -62,7 +63,7 @@
    "ports": [
      { "name": "serverport",
        "containerPort": {{ server_port }},
-        "hostPort": {{ server_port }} 
+        "hostPort": {{ server_port }}
      },
      { "name": "clientport",
        "containerPort": {{ port }},
--- a/cluster/gce/manifests/glbc.manifest
+++ b/cluster/gce/manifests/glbc.manifest
@@ -5,6 +5,7 @@ metadata:
  namespace: kube-system
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ''
+    seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
  labels:
    k8s-app: gcp-lb-controller
    version: v1.1.1
--- a/cluster/gce/manifests/kube-addon-manager.yaml
+++ b/cluster/gce/manifests/kube-addon-manager.yaml
@@ -5,6 +5,7 @@ metadata:
  namespace: kube-system
  annotations:
    scheduler.alpha.kubernetes.io/critical-pod: ''
+    seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
  labels:
    component: kube-addon-manager
 spec:
--- a/cluster/gce/manifests/kube-apiserver.manifest
+++ b/cluster/gce/manifests/kube-apiserver.manifest
@@ -5,7 +5,8 @@
  "name":"kube-apiserver",
  "namespace": "kube-system",
  "annotations": {
-    "scheduler.alpha.kubernetes.io/critical-pod": ""
+    "scheduler.alpha.kubernetes.io/critical-pod": "",
+    "seccomp.security.alpha.kubernetes.io/pod": "docker/default"
  },
  "labels": {
    "tier": "control-plane",
--- a/cluster/gce/manifests/kube-controller-manager.manifest
+++ b/cluster/gce/manifests/kube-controller-manager.manifest
@@ -5,7 +5,8 @@
  "name":"kube-controller-manager",
  "namespace": "kube-system",
  "annotations": {
-    "scheduler.alpha.kubernetes.io/critical-pod": ""
+    "scheduler.alpha.kubernetes.io/critical-pod": "",
+    "seccomp.security.alpha.kubernetes.io/pod": "docker/default"
  },
  "labels": {
    "tier": "control-plane",
--- a/cluster/gce/manifests/kube-scheduler.manifest
+++ b/cluster/gce/manifests/kube-scheduler.manifest
@@ -5,7 +5,8 @@
  "name":"kube-scheduler",
  "namespace": "kube-system",
  "annotations": {
-    "scheduler.alpha.kubernetes.io/critical-pod": ""
+    "scheduler.alpha.kubernetes.io/critical-pod": "",
+    "seccomp.security.alpha.kubernetes.io/pod": "docker/default"
  },
  "labels": {
    "tier": "control-plane",