Merge pull request #100234 from vinayakankugoyal/seccomp

runtime/default Seccomp Profile in kubeadm control-plane components.
This commit is contained in:
Kubernetes Prow Robot 2021-05-10 10:49:36 -07:00 committed by GitHub
commit 365ed5c4ad
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 0 deletions

View File

@ -67,6 +67,11 @@ func ComponentPod(container v1.Container, volumes map[string]v1.Volume, annotati
PriorityClassName: "system-node-critical",
HostNetwork: true,
Volumes: VolumeMapToSlice(volumes),
SecurityContext: &v1.PodSecurityContext{
SeccompProfile: &v1.SeccompProfile{
Type: v1.SeccompProfileTypeRuntimeDefault,
},
},
},
}
}

View File

@ -408,6 +408,11 @@ func TestComponentPod(t *testing.T) {
Labels: map[string]string{"component": "foo", "tier": "control-plane"},
},
Spec: v1.PodSpec{
SecurityContext: &v1.PodSecurityContext{
SeccompProfile: &v1.SeccompProfile{
Type: v1.SeccompProfileTypeRuntimeDefault,
},
},
Containers: []v1.Container{
{
Name: "foo",