diff --git a/cluster/addons/istio/auth/istio-auth.yaml b/cluster/addons/istio/auth/istio-auth.yaml
index 218298d969e..c9f895e5314 100644
--- a/cluster/addons/istio/auth/istio-auth.yaml
+++ b/cluster/addons/istio/auth/istio-auth.yaml
@@ -2583,6 +2583,7 @@ spec:
 istio: statsd-prom-bridge
 annotations:
 sidecar.istio.io/inject: "false"
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 serviceAccountName: istio-mixer-service-account
 volumes:
@@ -2591,7 +2592,7 @@ spec:
 name: istio-statsd-prom-bridge
 containers:
 - name: statsd-prom-bridge
- image: "prom/statsd-exporter:latest"
+ image: "gcr.io/istio-release/prom/statsd-exporter:latest"
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 9102
@@ -2727,6 +2728,7 @@ spec:
 istio: egressgateway
 annotations:
 sidecar.istio.io/inject: "false"
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 serviceAccountName: istio-egressgateway-service-account
 containers:
@@ -2848,6 +2850,7 @@ spec:
 istio: ingress
 annotations:
 sidecar.istio.io/inject: "false"
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 serviceAccountName: istio-ingress-service-account
 containers:
@@ -2973,6 +2976,7 @@ spec:
 istio: ingressgateway
 annotations:
 sidecar.istio.io/inject: "false"
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 serviceAccountName: istio-ingressgateway-service-account
 containers:
@@ -3103,6 +3107,7 @@ spec:
 istio-mixer-type: policy
 annotations:
 sidecar.istio.io/inject: "false"
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 serviceAccountName: istio-mixer-service-account
 volumes:
@@ -3220,6 +3225,7 @@ spec:
 istio-mixer-type: telemetry
 annotations:
 sidecar.istio.io/inject: "false"
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 serviceAccountName: istio-mixer-service-account
 volumes:
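Review bot: The value `docker/default` added by the seccomp hunks (first at `@@ -2583,6 +2583,7 @@`, repeated in every annotation hunk of auth/istio-auth.yaml and noauth/istio.yaml) names the Docker runtime rather than whichever runtime is in use; on Kubernetes releases that accept it, `seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'` requests the same default profile in a runtime-neutral way. Annotation keys are not schema-checked, so a misspelt key is silently ignored and the pod stays unconfined; it is worth confirming on a running pod that the filter is applied (the `Seccomp:` field in `/proc/<pid>/status` should read 2). The `# Source: istio/charts/mixer/templates/config.yaml` context line suggests the file is rendered from the Istio charts, so the hand-added annotation will likely disappear on the next regeneration unless it is carried in the chart or a post-render patch. The pod templates start and end outside these hunks, so any container-level overrides cannot be checked from here.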
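Review bot: The new image reference in hunk `@@ -2591,7 +2592,7 @@` (and in `@@ -2578,7 +2579,7 @@` of noauth/istio.yaml) changes the registry but keeps the mutable `:latest` tag together with `imagePullPolicy: IfNotPresent`, so each node keeps whichever build it pulled first and the cluster can end up running different, unreviewed versions of the exporter. Pin the image to a fixed release and, ideally, a digest, for example `image: "gcr.io/istio-release/prom/statsd-exporter:<VERSION>@sha256:<DIGEST>"` (both placeholders, to be taken from the registry). The container spec continues outside the hunk.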
@@ -3311,6 +3317,7 @@ spec:
 istio: pilot
 annotations:
 sidecar.istio.io/inject: "false"
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 serviceAccountName: istio-pilot-service-account
 containers:
@@ -3461,6 +3468,7 @@ spec:
 app: prometheus
 annotations:
 sidecar.istio.io/inject: "false"
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 serviceAccountName: prometheus
@@ -3549,6 +3557,7 @@ spec:
 istio: citadel
 annotations:
 sidecar.istio.io/inject: "false"
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 serviceAccountName: istio-citadel-service-account
 containers:
@@ -3618,6 +3627,8 @@ spec:
 metadata:
 labels:
 istio: sidecar-injector
+ annotations:
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 serviceAccountName: istio-sidecar-injector-service-account
 containers:
@@ -3858,7 +3869,6 @@ webhooks: operator: NotIn values: - disabled - --- # Source: istio/charts/mixer/templates/config.yaml
@@ -3900,6 +3910,7 @@ spec:
 app: grafana
 annotations:
 sidecar.istio.io/inject: "false"
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 serviceAccountName: grafana
 containers:
diff --git a/cluster/addons/istio/noauth/istio.yaml b/cluster/addons/istio/noauth/istio.yaml
index 8ba60bdceca..31eaf0eb40e 100644
--- a/cluster/addons/istio/noauth/istio.yaml
+++ b/cluster/addons/istio/noauth/istio.yaml
@@ -2570,6 +2570,7 @@ spec:
 istio: statsd-prom-bridge
 annotations:
 sidecar.istio.io/inject: "false"
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 serviceAccountName: istio-mixer-service-account
 volumes:
@@ -2578,7 +2579,7 @@ spec:
 name: istio-statsd-prom-bridge
 containers:
 - name: statsd-prom-bridge
- image: "prom/statsd-exporter:latest"
+ image: "gcr.io/istio-release/prom/statsd-exporter:latest"
 imagePullPolicy: IfNotPresent
 ports:
 - containerPort: 9102
@@ -2714,6 +2715,7 @@ spec:
 istio: egressgateway
 annotations:
 sidecar.istio.io/inject: "false"
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 serviceAccountName: istio-egressgateway-service-account
 containers:
@@ -2835,6 +2837,7 @@ spec:
 istio: ingress
 annotations:
 sidecar.istio.io/inject: "false"
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 serviceAccountName: istio-ingress-service-account
 containers:
@@ -2960,6 +2963,7 @@ spec:
 istio: ingressgateway
 annotations:
 sidecar.istio.io/inject: "false"
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 serviceAccountName: istio-ingressgateway-service-account
 containers:
@@ -3090,6 +3094,7 @@ spec:
 istio-mixer-type: policy
 annotations:
 sidecar.istio.io/inject: "false"
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 serviceAccountName: istio-mixer-service-account
 volumes:
@@ -3207,6 +3212,7 @@ spec:
 istio-mixer-type: telemetry
 annotations:
 sidecar.istio.io/inject: "false"
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 serviceAccountName: istio-mixer-service-account
 volumes:
@@ -3298,6 +3304,7 @@ spec:
 istio: pilot
 annotations:
 sidecar.istio.io/inject: "false"
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 serviceAccountName: istio-pilot-service-account
 containers:
@@ -3448,6 +3455,7 @@ spec:
 app: prometheus
 annotations:
 sidecar.istio.io/inject: "false"
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 serviceAccountName: prometheus
@@ -3536,6 +3544,7 @@ spec:
 istio: citadel
 annotations:
 sidecar.istio.io/inject: "false"
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 serviceAccountName: istio-citadel-service-account
 containers:
@@ -3605,6 +3614,8 @@ spec:
 metadata:
 labels:
 istio: sidecar-injector
+ annotations:
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 serviceAccountName: istio-sidecar-injector-service-account
 containers:
@@ -3886,6 +3897,7 @@ spec:
 app: grafana
 annotations:
 sidecar.istio.io/inject: "false"
+ seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
 spec:
 serviceAccountName: grafana
 containers: