mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-24 12:15:52 +00:00
Merge pull request #100234 from vinayakankugoyal/seccomp
runtime/default Seccomp Profile in kubeadm control-plane components.
This commit is contained in:
commit
365ed5c4ad
@ -67,6 +67,11 @@ func ComponentPod(container v1.Container, volumes map[string]v1.Volume, annotati
|
|||||||
PriorityClassName: "system-node-critical",
|
PriorityClassName: "system-node-critical",
|
||||||
HostNetwork: true,
|
HostNetwork: true,
|
||||||
Volumes: VolumeMapToSlice(volumes),
|
Volumes: VolumeMapToSlice(volumes),
|
||||||
|
SecurityContext: &v1.PodSecurityContext{
|
||||||
|
SeccompProfile: &v1.SeccompProfile{
|
||||||
|
Type: v1.SeccompProfileTypeRuntimeDefault,
|
||||||
|
},
|
||||||
|
},
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -408,6 +408,11 @@ func TestComponentPod(t *testing.T) {
|
|||||||
Labels: map[string]string{"component": "foo", "tier": "control-plane"},
|
Labels: map[string]string{"component": "foo", "tier": "control-plane"},
|
||||||
},
|
},
|
||||||
Spec: v1.PodSpec{
|
Spec: v1.PodSpec{
|
||||||
|
SecurityContext: &v1.PodSecurityContext{
|
||||||
|
SeccompProfile: &v1.SeccompProfile{
|
||||||
|
Type: v1.SeccompProfileTypeRuntimeDefault,
|
||||||
|
},
|
||||||
|
},
|
||||||
Containers: []v1.Container{
|
Containers: []v1.Container{
|
||||||
{
|
{
|
||||||
Name: "foo",
|
Name: "foo",
|
||||||
|
Loading…
Reference in New Issue
Block a user