github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-08-06 18:54:06 +00:00
Code Issues Projects Releases Wiki Activity

Set deployment security profile to docker/default

Browse Source
This commit is contained in:
Martin Ostrowski 2018-06-01 17:10:52 -07:00
parent 30714148c8
commit 25a1cdbfc5
2 changed files with 26 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
cluster/addons/istio/auth/istio-auth.yaml
View File

@ -2583,6 +2583,7 @@ spec:
istio: statsd-prom-bridge istio: statsd-prom-bridge
annotations: annotations:
sidecar.istio.io/inject: "false" sidecar.istio.io/inject: "false"
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
serviceAccountName: istio-mixer-service-account serviceAccountName: istio-mixer-service-account
volumes: volumes:
@ -2591,7 +2592,7 @@ spec:
name: istio-statsd-prom-bridge name: istio-statsd-prom-bridge
containers: containers:
- name: statsd-prom-bridge - name: statsd-prom-bridge
image: "prom/statsd-exporter:latest" image: "gcr.io/istio-release/prom/statsd-exporter:latest"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- containerPort: 9102 - containerPort: 9102
@ -2727,6 +2728,7 @@ spec:
istio: egressgateway istio: egressgateway
annotations: annotations:
sidecar.istio.io/inject: "false" sidecar.istio.io/inject: "false"
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
serviceAccountName: istio-egressgateway-service-account serviceAccountName: istio-egressgateway-service-account
containers: containers:
@ -2848,6 +2850,7 @@ spec:
istio: ingress istio: ingress
annotations: annotations:
sidecar.istio.io/inject: "false" sidecar.istio.io/inject: "false"
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
serviceAccountName: istio-ingress-service-account serviceAccountName: istio-ingress-service-account
containers: containers:
@ -2973,6 +2976,7 @@ spec:
istio: ingressgateway istio: ingressgateway
annotations: annotations:
sidecar.istio.io/inject: "false" sidecar.istio.io/inject: "false"
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
serviceAccountName: istio-ingressgateway-service-account serviceAccountName: istio-ingressgateway-service-account
containers: containers:
@ -3103,6 +3107,7 @@ spec:
istio-mixer-type: policy istio-mixer-type: policy
annotations: annotations:
sidecar.istio.io/inject: "false" sidecar.istio.io/inject: "false"
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
serviceAccountName: istio-mixer-service-account serviceAccountName: istio-mixer-service-account
volumes: volumes:
@ -3220,6 +3225,7 @@ spec:
istio-mixer-type: telemetry istio-mixer-type: telemetry
annotations: annotations:
sidecar.istio.io/inject: "false" sidecar.istio.io/inject: "false"
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
serviceAccountName: istio-mixer-service-account serviceAccountName: istio-mixer-service-account
volumes: volumes:
@ -3311,6 +3317,7 @@ spec:
istio: pilot istio: pilot
annotations: annotations:
sidecar.istio.io/inject: "false" sidecar.istio.io/inject: "false"
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
serviceAccountName: istio-pilot-service-account serviceAccountName: istio-pilot-service-account
containers: containers:
@ -3461,6 +3468,7 @@ spec:
app: prometheus app: prometheus
annotations: annotations:
sidecar.istio.io/inject: "false" sidecar.istio.io/inject: "false"
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
serviceAccountName: prometheus serviceAccountName: prometheus
@ -3549,6 +3557,7 @@ spec:
istio: citadel istio: citadel
annotations: annotations:
sidecar.istio.io/inject: "false" sidecar.istio.io/inject: "false"
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
serviceAccountName: istio-citadel-service-account serviceAccountName: istio-citadel-service-account
containers: containers:
@ -3618,6 +3627,8 @@ spec:
metadata: metadata:
labels: labels:
istio: sidecar-injector istio: sidecar-injector
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
serviceAccountName: istio-sidecar-injector-service-account serviceAccountName: istio-sidecar-injector-service-account
containers: containers:
@ -3858,7 +3869,6 @@ webhooks:
operator: NotIn operator: NotIn
values: values:
- disabled - disabled
--- ---
# Source: istio/charts/mixer/templates/config.yaml # Source: istio/charts/mixer/templates/config.yaml
@ -3900,6 +3910,7 @@ spec:
app: grafana app: grafana
annotations: annotations:
sidecar.istio.io/inject: "false" sidecar.istio.io/inject: "false"
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
serviceAccountName: grafana serviceAccountName: grafana
containers: containers:

14
cluster/addons/istio/noauth/istio.yaml
View File

@ -2570,6 +2570,7 @@ spec:
istio: statsd-prom-bridge istio: statsd-prom-bridge
annotations: annotations:
sidecar.istio.io/inject: "false" sidecar.istio.io/inject: "false"
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
serviceAccountName: istio-mixer-service-account serviceAccountName: istio-mixer-service-account
volumes: volumes:
@ -2578,7 +2579,7 @@ spec:
name: istio-statsd-prom-bridge name: istio-statsd-prom-bridge
containers: containers:
- name: statsd-prom-bridge - name: statsd-prom-bridge
image: "prom/statsd-exporter:latest" image: "gcr.io/istio-release/prom/statsd-exporter:latest"
imagePullPolicy: IfNotPresent imagePullPolicy: IfNotPresent
ports: ports:
- containerPort: 9102 - containerPort: 9102
@ -2714,6 +2715,7 @@ spec:
istio: egressgateway istio: egressgateway
annotations: annotations:
sidecar.istio.io/inject: "false" sidecar.istio.io/inject: "false"
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
serviceAccountName: istio-egressgateway-service-account serviceAccountName: istio-egressgateway-service-account
containers: containers:
@ -2835,6 +2837,7 @@ spec:
istio: ingress istio: ingress
annotations: annotations:
sidecar.istio.io/inject: "false" sidecar.istio.io/inject: "false"
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
serviceAccountName: istio-ingress-service-account serviceAccountName: istio-ingress-service-account
containers: containers:
@ -2960,6 +2963,7 @@ spec:
istio: ingressgateway istio: ingressgateway
annotations: annotations:
sidecar.istio.io/inject: "false" sidecar.istio.io/inject: "false"
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
serviceAccountName: istio-ingressgateway-service-account serviceAccountName: istio-ingressgateway-service-account
containers: containers:
@ -3090,6 +3094,7 @@ spec:
istio-mixer-type: policy istio-mixer-type: policy
annotations: annotations:
sidecar.istio.io/inject: "false" sidecar.istio.io/inject: "false"
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
serviceAccountName: istio-mixer-service-account serviceAccountName: istio-mixer-service-account
volumes: volumes:
@ -3207,6 +3212,7 @@ spec:
istio-mixer-type: telemetry istio-mixer-type: telemetry
annotations: annotations:
sidecar.istio.io/inject: "false" sidecar.istio.io/inject: "false"
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
serviceAccountName: istio-mixer-service-account serviceAccountName: istio-mixer-service-account
volumes: volumes:
@ -3298,6 +3304,7 @@ spec:
istio: pilot istio: pilot
annotations: annotations:
sidecar.istio.io/inject: "false" sidecar.istio.io/inject: "false"
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
serviceAccountName: istio-pilot-service-account serviceAccountName: istio-pilot-service-account
containers: containers:
@ -3448,6 +3455,7 @@ spec:
app: prometheus app: prometheus
annotations: annotations:
sidecar.istio.io/inject: "false" sidecar.istio.io/inject: "false"
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
serviceAccountName: prometheus serviceAccountName: prometheus
@ -3536,6 +3544,7 @@ spec:
istio: citadel istio: citadel
annotations: annotations:
sidecar.istio.io/inject: "false" sidecar.istio.io/inject: "false"
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
serviceAccountName: istio-citadel-service-account serviceAccountName: istio-citadel-service-account
containers: containers:
@ -3605,6 +3614,8 @@ spec:
metadata: metadata:
labels: labels:
istio: sidecar-injector istio: sidecar-injector
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
serviceAccountName: istio-sidecar-injector-service-account serviceAccountName: istio-sidecar-injector-service-account
containers: containers:
@ -3886,6 +3897,7 @@ spec:
app: grafana app: grafana
annotations: annotations:
sidecar.istio.io/inject: "false" sidecar.istio.io/inject: "false"
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec: spec:
serviceAccountName: grafana serviceAccountName: grafana
containers: containers: