github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-09-14 05:36:12 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #93095 from pjbgf/migrate-seccomp-usage-to-ga

Browse Source 
Update yaml files to use seccomp GA syntax
This commit is contained in:
Kubernetes Prow Robot
2020-08-28 12:35:49 -07:00
committed by GitHub
parent b02b84870c 8f8f1bad72
commit b440ecc315
21 changed files with 68 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
cluster/addons/cluster-loadbalancing/glbc/default-svc-controller.yaml
View File

@@ -17,9 +17,10 @@ spec:
labels:
k8s-app: glbc
name: glbc
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- name: default-http-backend
# Any image is permissible as long as:

5
cluster/addons/dashboard/dashboard.yaml
View File

@@ -261,9 +261,10 @@ spec:
metadata:
labels:
k8s-app: dashboard-metrics-scraper
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- name: dashboard-metrics-scraper
image: kubernetesui/metrics-scraper:v1.0.4

4
cluster/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml
View File

@@ -75,11 +75,11 @@ spec:
metadata:
labels:
k8s-app: kube-dns-autoscaler
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
priorityClassName: system-cluster-critical
securityContext:
seccompProfile:
type: RuntimeDefault
supplementalGroups: [ 65534 ]
fsGroup: 65534
nodeSelector:

5
cluster/addons/dns/coredns/coredns.yaml.base
View File

@@ -108,9 +108,10 @@ spec:
metadata:
labels:
k8s-app: kube-dns
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
priorityClassName: system-cluster-critical
serviceAccountName: coredns
affinity:

5
cluster/addons/dns/coredns/coredns.yaml.in
View File

@@ -108,9 +108,10 @@ spec:
metadata:
labels:
k8s-app: kube-dns
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
priorityClassName: system-cluster-critical
serviceAccountName: coredns
affinity:

5
cluster/addons/dns/coredns/coredns.yaml.sed
View File

@@ -108,9 +108,10 @@ spec:
metadata:
labels:
k8s-app: kube-dns
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
priorityClassName: system-cluster-critical
serviceAccountName: coredns
affinity:

3
cluster/addons/dns/kube-dns/kube-dns.yaml.base
View File

@@ -82,12 +82,13 @@ spec:
labels:
k8s-app: kube-dns
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
prometheus.io/port: "10054"
prometheus.io/scrape: "true"
spec:
priorityClassName: system-cluster-critical
securityContext:
seccompProfile:
type: RuntimeDefault
supplementalGroups: [ 65534 ]
fsGroup: 65534
affinity:

3
cluster/addons/dns/kube-dns/kube-dns.yaml.in
View File

@@ -82,12 +82,13 @@ spec:
labels:
k8s-app: kube-dns
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
prometheus.io/port: "10054"
prometheus.io/scrape: "true"
spec:
priorityClassName: system-cluster-critical
securityContext:
seccompProfile:
type: RuntimeDefault
supplementalGroups: [ 65534 ]
fsGroup: 65534
affinity:

3
cluster/addons/dns/kube-dns/kube-dns.yaml.sed
View File

@@ -82,12 +82,13 @@ spec:
labels:
k8s-app: kube-dns
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
prometheus.io/port: "10054"
prometheus.io/scrape: "true"
spec:
priorityClassName: system-cluster-critical
securityContext:
seccompProfile:
type: RuntimeDefault
supplementalGroups: [ 65534 ]
fsGroup: 65534
affinity:

8
cluster/addons/fluentd-elasticsearch/fluentd-es-ds.yaml
View File

@@ -61,12 +61,10 @@ spec:
labels:
k8s-app: fluentd-es
version: v3.0.2
# This annotation ensures that fluentd does not get evicted if the node
# supports critical pod annotation based priority scheme.
# Note that this does not guarantee admission on the nodes (#40573).
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
priorityClassName: system-node-critical
serviceAccountName: fluentd-es
containers:

5
cluster/addons/fluentd-elasticsearch/kibana-deployment.yaml
View File

@@ -15,9 +15,10 @@ spec:
metadata:
labels:
k8s-app: kibana-logging
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
containers:
- name: kibana-logging
image: docker.elastic.co/kibana/kibana-oss:7.2.0

10
cluster/addons/metadata-agent/stackdriver/metadata-agent.yaml
View File

@@ -24,9 +24,10 @@ spec:
metadata:
labels:
app: metadata-agent
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
serviceAccountName: metadata-agent
priorityClassName: system-node-critical
nodeSelector:
@@ -88,9 +89,10 @@ spec:
metadata:
labels:
app: metadata-agent-cluster-level
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
serviceAccountName: metadata-agent
priorityClassName: system-cluster-critical
nodeSelector:

5
cluster/addons/metrics-server/metrics-server-deployment.yaml
View File

@@ -41,9 +41,10 @@ spec:
labels:
k8s-app: metrics-server
version: v0.3.6
annotations:
seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
spec:
securityContext:
seccompProfile:
type: RuntimeDefault
priorityClassName: system-cluster-critical
serviceAccountName: metrics-server
nodeSelector: