Merge pull request #100234 from vinayakankugoyal/seccomp

runtime/default Seccomp Profile in kubeadm control-plane components.
2025-07-22 11:21:47 +00:00 · 2021-05-10 10:49:36 -07:00 · 2021-05-10 10:49:36 -07:00 · 365ed5c4ad
commit 365ed5c4ad
parent 20b0f6b2a6 9ae671a5d4
2 changed files with 10 additions and 0 deletions
--- a/cmd/kubeadm/app/util/staticpod/utils.go
+++ b/cmd/kubeadm/app/util/staticpod/utils.go
@ -67,6 +67,11 @@ func ComponentPod(container v1.Container, volumes map[string]v1.Volume, annotati
 			PriorityClassName: "system-node-critical",
 			HostNetwork:       true,
 			Volumes:           VolumeMapToSlice(volumes),
+			SecurityContext: &v1.PodSecurityContext{
+				SeccompProfile: &v1.SeccompProfile{
+					Type: v1.SeccompProfileTypeRuntimeDefault,
+				},
+			},
 		},
 	}
 }
--- a/cmd/kubeadm/app/util/staticpod/utils_test.go
+++ b/cmd/kubeadm/app/util/staticpod/utils_test.go
@ -408,6 +408,11 @@ func TestComponentPod(t *testing.T) {
 					Labels:    map[string]string{"component": "foo", "tier": "control-plane"},
 				},
 				Spec: v1.PodSpec{
+					SecurityContext: &v1.PodSecurityContext{
+						SeccompProfile: &v1.SeccompProfile{
+							Type: v1.SeccompProfileTypeRuntimeDefault,
+						},
+					},
 					Containers: []v1.Container{
 						{
 							Name: "foo",