github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-24 12:15:52 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #100234 from vinayakankugoyal/seccomp

Browse Source 
runtime/default Seccomp Profile in kubeadm control-plane components.
This commit is contained in:
Kubernetes Prow Robot 2021-05-10 10:49:36 -07:00 committed by GitHub
commit 365ed5c4ad
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
cmd/kubeadm/app/util/staticpod/utils.go
View File

@ -67,6 +67,11 @@ func ComponentPod(container v1.Container, volumes map[string]v1.Volume, annotati
PriorityClassName: "system-node-critical", PriorityClassName: "system-node-critical",
HostNetwork: true, HostNetwork: true,
Volumes: VolumeMapToSlice(volumes), Volumes: VolumeMapToSlice(volumes),
SecurityContext: &v1.PodSecurityContext{
SeccompProfile: &v1.SeccompProfile{
Type: v1.SeccompProfileTypeRuntimeDefault,
},
},
}, },
} }
} }

5
cmd/kubeadm/app/util/staticpod/utils_test.go
View File

@ -408,6 +408,11 @@ func TestComponentPod(t *testing.T) {
Labels: map[string]string{"component": "foo", "tier": "control-plane"}, Labels: map[string]string{"component": "foo", "tier": "control-plane"},
}, },
Spec: v1.PodSpec{ Spec: v1.PodSpec{
SecurityContext: &v1.PodSecurityContext{
SeccompProfile: &v1.SeccompProfile{
Type: v1.SeccompProfileTypeRuntimeDefault,
},
},
Containers: []v1.Container{ Containers: []v1.Container{
{ {
Name: "foo", Name: "foo",