Add seccomp profile runtime default to add control-plane components.

This commit is contained in:
Vinayak Goyal 2021-03-14 23:13:38 -07:00
parent ca0c04e4d3
commit 9ae671a5d4
2 changed files with 10 additions and 0 deletions

View File

@ -67,6 +67,11 @@ func ComponentPod(container v1.Container, volumes map[string]v1.Volume, annotati
PriorityClassName: "system-node-critical",
HostNetwork: true,
Volumes: VolumeMapToSlice(volumes),
SecurityContext: &v1.PodSecurityContext{
SeccompProfile: &v1.SeccompProfile{
Type: v1.SeccompProfileTypeRuntimeDefault,
},
},
},
}
}

View File

@ -408,6 +408,11 @@ func TestComponentPod(t *testing.T) {
Labels: map[string]string{"component": "foo", "tier": "control-plane"},
},
Spec: v1.PodSpec{
SecurityContext: &v1.PodSecurityContext{
SeccompProfile: &v1.SeccompProfile{
Type: v1.SeccompProfileTypeRuntimeDefault,
},
},
Containers: []v1.Container{
{
Name: "foo",