github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-11 06:02:18 +00:00
Code Issues Projects Releases Wiki Activity

Use runtime/default as default seccomp profile for unprivileged PodSecurityPolicy

Browse Source
This commit is contained in:
Zhen Wang
2018-05-15 09:39:37 -07:00
parent bd0d093701
commit 6351e25203
4 changed files with 8 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
cluster/addons/fluentd-gcp/podsecuritypolicies/event-exporter-psp.yaml
View File

@@ -4,8 +4,8 @@ metadata:
name: gce.event-exporter
annotations:
kubernetes.io/description: 'Policy used by the event-exporter addon.'
# TODO: event-exporter should run with the default seccomp profile
seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default,docker/default'
# 'runtime/default' is already the default, but must be filled in on the
# pod to pass admission.
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'

4
cluster/addons/fluentd-gcp/podsecuritypolicies/fluentd-gcp-psp.yaml
View File

@@ -4,8 +4,8 @@ metadata:
name: gce.fluentd-gcp
annotations:
kubernetes.io/description: 'Policy used by the fluentd-gcp addon.'
# TODO: fluentd-gcp should run with the default seccomp profile
seccomp.security.alpha.kubernetes.io/allowedProfileNames: '*'
seccomp.security.alpha.kubernetes.io/defaultProfileName: 'docker/default'
seccomp.security.alpha.kubernetes.io/allowedProfileNames: 'runtime/default,docker/default'
# 'runtime/default' is already the default, but must be filled in on the
# pod to pass admission.
apparmor.security.beta.kubernetes.io/defaultProfileName: 'runtime/default'